Created attachment 285573: password
Hello,
In our search we found the following Clear Text Information Like: UserName/Password/API KEY/SECRET/Tokens. Please protect your data, Attackers can reuse them for their purpose.
Url:
https://github.com/eclipse-cbi/jiro/blob/4549be0cb688ac796d2b6440dadced918eb87c01/instances/ecd.codewind/target/.secrets/maven/settings.xml
https://github.com/eclipse-cbi/jiro/blob/4549be0cb688ac796d2b6440dadced918eb87c01/instances/ecd.codewind/target/.secrets/maven/settings-security.xml
Liked my Bug? Buy me a coffee (or more likely a Beer X2)
https://www.paypal.com/paypalme/bugbounty1/150USD
https://www.paypal.com/paypalme/bugbounty1/75USD
https://www.buymeacoffee.com/bugbounty
Help me to continue to protect others' Information.
Thanks for the report. We are working on it.
The credentials have been revoked.
I've removed the files with the secrets: https://github.com/eclipse-cbi/jiro/commit/1b5ab01e10c62373ae7ddd20ec32b7c89926ae1d We will do a full audit tomorrow to check whether the credentials have been used.
We've published a postmortem about the incident: https://mikael-barbero.medium.com/credentials-leaked-on-github-4d0658db8080 This concludes the incident. Thanks again for your report.