SAUCE Access_key and User_name leaked in Travis CI build logs

Disclosed: 2017-07-12 15:47:02 By an0n-j To algolia

Medium

Vulnerability Details

hello algolia team, I founded the SAUCE Access_Key and User_name was leaked in Travis CI build logs of instantsearch.js product [#Line-249-&-250](https://travis-ci.org/algolia/instantsearch.js/builds/225176027#L249). This can be used to perform every API calls of sauce-lab.(e.g Creating a Sub account. I created a test account for testing. sorry for this ;) ). You should revoke the access_key and secure the key in Travis Cl build logs.

Actions

View on HackerOne

Report Stats

Report ID: 238890
State: Closed
Substate: resolved
Upvotes: 2

SAUCE Access_key and User_name leaked in Travis CI build logs

Vulnerability Details

Actions

Report Stats

Share this report