CVE-2021-21361

Severity CVSS v4.0:
Pending analysis
Type:
CWE-532 Information Exposure Through Log Files
Publication date:
09/03/2021
Last modified:
16/03/2021

Description

The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixed in version 3.0.0.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:vagrant_project:vagrant:*:*:*:*:*:gradle:*:* 0.6 (excluding)
cpe:2.3:a:vagrant_project:vagrant:*:*:*:*:*:gradle:*:* 2.0 (including) 3.0.0 (excluding)