1. Home
  2. Vulnerabilities
  3. CVE-2021-21361

CVE-2021-21361

CVSS v3.1 6.5 (Medium)
65% Progress
CVSS v2.0 3.3 (Low)
33% Progress
EPSS 0.07 % (33th)
0.07% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

The com.bmuschko:gradle-vagrant-plugin Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixed in version 3.0.0.

Weaknesses
CWE-532
Insertion of Sensitive Information into Log File
CVE Status
PUBLISHED
CNA
GitHub, Inc.
Published Date
2021-03-09 01:15:13
(3 years ago)
Updated Date
2021-03-16 18:57:50
(3 years ago)

Affected Products

Vagrant Project

Configuration #1

    CPE23 From Up To
  Vagrant Project Vagrant for Gradle prior 0.6 version cpe:2.3:a:vagrant_project:vagrant::*:*:*:*:gradle < 0.6
  Vagrant Project Vagrant for Gradle from 2.0 version and prior 3.0.0 version cpe:2.3:a:vagrant_project:vagrant::*:*:*:*:gradle >= 2.0 < 3.0.0