MidnightBSD

Advisories for vagrant_project

CVE-2021-21361 LOW

The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixed in version 3.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 5.3 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 0.9 4.0
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,

Products Affected

Vendor Product Version
vagrant_project vagrant *