Travis Ci · Travis Ci · CVE-2021-41077
**Name of the Vulnerable Software and Affected Versions**
Travis CI versions 2021-09-03 through 2021-09-10
**Description**
The activation process in Travis CI causes secret data to have unexpected sharing that is not specified by the customer-controlled .travis.yml file. This allows an unauthorized actor who forked a public repository and printed files during a build process to reveal customer-specific secret environment data, such as signing keys, access credentials, and API tokens.
**Recommendations**
For Travis CI versions 2021-09-03 through 2021-09-10, consider restricting access to sensitive data and environment variables until a fix is available. As a temporary workaround, avoid using sensitive data in builds during this time period. At the moment, there is no information about a newer version that contains a fix for this vulnerability.