travis-ci-disclosure: Travis CI Disclosure

Date: 2025-09-01 | Affected software: Travis CI | PoC: public

Vulnerability description

Travis CI is a Software as a Service (SaaS) based continuous integration service used to build and test software projects. By defining a configuration file named `.travis.yml` in their source code repositories, developers can customize their applications' build workflows.

PoC code [public]

id: travis-ci-disclosure

info:
  name: Travis CI Disclosure
  author: DhiyaneshDK
  severity: high
  verified: true
  description: |
    Travis CI is a Software as a Service (SaaS) based continuous integration service used to build and test software projects. By defining a configuration file named `.travis.yml` in their source code repositories, developers can customize their applications build workflows.
  reference:
    - https://github.com/maurosoria/dirsearch/blob/master/db/dicc.txt
    - https://arstechnica.com/information-technology/2021/09/travis-ci-flaw-exposed-secrets-for-thousands-of-open-source-projects/
    - https://www.tenable.com/plugins/was/113156
  tags: exposure,file,config,tenable

rules:
  r0:
    request:
      method: GET
      path: /.travis.yml
    expression: |
      response.body.bcontains(b'before_script:') &&
      response.body.bcontains(b'jobs:') &&
      response.body.bcontains(b'language:') &&
      response.raw_header.bcontains(b'application/octet-stream') &&
      response.status == 200
  r1:
    request:
      method: GET
      path: /matomo/.travis.yml
    expression: |
      response.body.bcontains(b'before_script:') &&
      response.body.bcontains(b'jobs:') &&
      response.body.bcontains(b'language:') &&
      response.raw_header.bcontains(b'application/octet-stream') &&
      response.status == 200
expression: r0() || r1()
