Security News > 2022 > June > Thousands of GitHub, AWS, Docker tokens exposed in Travis CI logs
For a second time in less than a year, the Travis CI platform for software development and testing has exposed user data containing authentication tokens that could give access to developers' accounts on GitHub, Amazon Web Services, and Docker Hub.
Researchers at Aqua Security discovered that "Tens of thousands of user tokens" are exposed through the Travis CI API that offer access to more than 770 million logs with various types of credentials belonging to free tier users.
While investigating potential security risks from using continuous integration services, the researchers focused on the Travis platform and discovered an API call that allowed fetching logs in clear text when using the right log number.
The researchers found that Travis CI did not enforce sufficient protections for the log numbers and were able to run an enumeration script to retrieve the strings "From zero to infinity."
Using the two methods, Aqua Security researchers say that they were able to find logs dating between January 2013 and May 2022.
Exposing user logs seems to be a recurrent problem for Travis CI as reports about this type of risk have been published in 2015, 2019 and in 2021.