#CI/CDlogs – Xynik

AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs

April 16, 2024 by Xynik

April 16, 2024 at 10:36AM New cybersecurity research reveals that CLI tools from AWS and Google Cloud can expose sensitive credentials in build logs, posing risks to organizations. Microsoft has addressed the issue, while Amazon and Google consider it expected behavior, advising organizations to avoid storing secrets in environment variables and use dedicated secrets store … Read more

Microsoft fixes critical Azure CLI flaw that leaked credentials in logs

November 14, 2023 by Xynik

November 14, 2023 at 01:46PM Microsoft has addressed a critical security vulnerability in Azure CLI that could allow attackers to steal credentials from GitHub Actions or Azure DevOps logs. The bug, identified as CVE-2023-36052, enables unauthenticated attackers to access plain text contents written by Azure CLI to CI/CD logs. Microsoft advises users to update to … Read more