Security Disclosure
Incident Report for CodeShip
Resolved
On June 11th, 2019, a responsible disclosure from an external security researcher made us aware of a vulnerability allowing access to an administrative interface showing internal queues where CodeShip Basic builds store and transmit messages between systems. Upon disclosure, we remedied the vulnerability within minutes to ensure that sensitive information waiting in those queues is not accessible without proper authentication and authorization.

As a follow-up, we conducted a thorough investigation of access to that page and were able to conclude that no unauthorized access to it occurred outside of the security research.

If you are a CodeShip Basic customer and you are concerned about this disclosure, please rotate your secrets; we can confirm, however, that no unauthorized access has occurred. (Rotating secrets regularly is good practice in general, and we advise our customers to do so regardless.)

We're sorry for the issue - we take security very seriously and our team has been working as hard as possible to resolve the issue and put steps in place to prevent any possible recurrence in the future.
Posted Jun 19, 2019 - 16:42 UTC