Achọpụtala okwu nchekwa (CVE-2021-41077) na ọrụ ntinye aka na-aga n'ihu nke Travis CI, nke e mere iji nwalee ma wuo ọrụ emepụtara na GitHub na Bitbucket, nke na-enye gị ohere ịchọpụta ọdịnaya nke mgbanwe gburugburu ebe nzuzo nke ebe nchekwa ọha na-eji Travis. CI. Tinyere ihe ndị ọzọ, adịghị ike na-enye gị ohere ịchọpụta igodo eji na Travis CI maka ịmepụta akara dijitalụ, igodo ohere na akara maka ịnweta API.
Okwu a dị na Travis CI site na Septemba 3 ruo 10. Ọ bụ ihe kwesịrị ịrịba ama na e zigara ndị mmepe ozi gbasara adịghị ike ahụ na Septemba 7, mana ọ bụ naanị nzaghachi ka enwetara site na nkwenye iji ntụgharị isi. Enwetaghị nzaghachi kwesịrị ekwesị, ndị nyocha ahụ kpọtụụrụ GitHub ma nyefee Travis blacklist. Edoziri nsogbu ahụ naanị na Septemba 10 mgbe ọtụtụ mkpesa natara site na ọrụ dị iche iche. Mgbe ihe ahụ mechara, e bipụtara akụkọ nsogbu karịrị akarị na webụsaịtị Travis CI, nke, kama ịkọwapụta maka ndozi adịghị ike, nwere naanị nkwenye na-enweghị isi maka igodo ịnweta okirikiri.
N'ịgbaso iwe na njigide ozi site na ọtụtụ nnukwu ọrụ, ezigara akụkọ zuru oke na Travis CI support forum, na-adọ aka ná ntị na onye nwe ndụdụ nke ebe nchekwa ọhaneze ọ bụla, site n'itinye arịrịọ ịdọrọ, nwere ike ịmalite usoro iwu na uru. ohere na-enweghị ikike ịnweta mgbanwe gburugburu ebe nzuzo nzuzo nke ebe nchekwa mbụ, setịpụrụ na oge nrụpụta dabere na mpaghara sitere na faịlụ ".travis.yml" ma ọ bụ kọwaa site na travis CI web interface. A na-echekwa mgbanwe ndị dị otú ahụ n'ụdị ezoro ezo, a na-ewepụkwa ya naanị n'oge nrụpụta. Nsogbu a metụtara naanị ebe nchekwa enwere ike ịnweta ọhaneze nwere ndụdụ (ebe nchekwa nkeonwe anaghị ebuso ya agha).
isi: opennet.ru