CVE-2021-21361 MEDIUM

CVE-2021-21361: Sensitive information disclosure via log in com.bmuschko:gradle-vagrant-plugin

Vendor Jlleitschuh
Product security-research
Weakness CWE-532 · Sensitive info in logs
Published March 9, 2021
Last update August 3, 2024

CVSS base score

5.3/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01 Description

The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixed in version 3.0.0.

Key dates

02 Disclosure timeline

March 9, 2021 CVE published
August 3, 2024 Record updated