The com.bmuschko:gradle-vagrant-plugin
Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixed in version 3.0.0.
The product writes sensitive information to a log file.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Vagrant | Vagrant_project | * | 0.6 (excluding) |
Vagrant | Vagrant_project | 2.0 (including) | 3.0.0 (excluding) |