CVE-2021-21361

Name of the Vulnerable Software and Affected Versions com.bmuschko:gradle-vagrant-plugin versions prior to 3.0.0

Description The com.bmuschko:gradle-vagrant-plugin Gradle plugin contains an information disclosure issue due to the logging of system environment variables. When this plugin is executed in public CI/CD, it can lead to sensitive credentials being exposed to malicious actors.

Recommendations For versions prior to 3.0.0, update to version 3.0.0 to resolve the issue. As a temporary workaround, consider disabling the logging of system environment variables until a patch is available. Restrict access to sensitive credentials in public CI/CD environments to minimize the risk of exploitation.