Researchers at Aqua Security discovered that “tens of thousands of user tokens” are exposed through the Travis CI API allowing access to more than 770 million logs containing credentials for as GitHub, AWS, and Docker Hub.
- Team Nautilus found that tens of thousands of user tokens are exposed via the Travis CI API, which allows anyone to access historical clear-text logs. More than 770 million logs of free tier users are available, from which you can easily extract tokens, secrets, and other credentials associated with popular cloud service providers such as GitHub, AWS, and Docker Hub.
- Based on the Travis CI API manual, we discovered that a valid API call to fetch a clear-text log will require a log number. In this case, we can easily apply an enumeration script to fetch all the available logs between zero and infinity.
Researchers determined that a total of about 770 million logs were exposed. In a random sampling of 20,0000 logs, after cleaning up the data, they discovered about 73,000 tokens, secrets, and various credentials associated with cloud services like GitHub, AWS, and Docker Hub.”