PT-2021-19654 · Hashicorp · Vault-Action

Kotyara85 · Published 2021-05-07 · Updated 2022-05-24 · CVE-2021-32074

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: HashiCorp vault-action versions prior to 2.2.0
Description: The issue allows attackers to obtain sensitive information from log files because a multi-line secret was not correctly registered with GitHub Actions for log masking. This occurred due to the vault-action implementation not correctly handling the marking of multi-line variables, resulting in multi-line secrets not being correctly masked in vault-action output.
Recommendations: For versions prior to 2.2.0, consider upgrading to vault-action 2.2.0 or newer to resolve the issue. As a temporary workaround, consider restricting access to log files to minimize the risk of sensitive information exposure.
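
The masking failure described above, as an added example (not vault-action's or the GitHub runner's own code). It assumes a simplified masker that redacts registered values one log line at a time; all function names and the sample secret are constructed for illustration.

```javascript
// Simplified model (assumption): the log masker works line by line and
// replaces each registered mask with *** where it appears inside a line.
function maskLog(logText, masks) {
  return logText
    .split("\n")
    .map((line) =>
      masks.reduce((out, m) => (m ? out.split(m).join("***") : out), line)
    )
    .join("\n");
}

// Weak registration: the whole multi-line value is one mask. It contains
// "\n", so it can never match inside a single log line.
function masksWholeValue(secret) {
  return [secret];
}

// Hardened registration: every non-empty line of the secret is its own mask.
function masksPerLine(secret) {
  return secret.replace(/\r/g, "").split("\n").filter((l) => l.length > 0);
}

// Check for CI log review: which lines of the secret are still readable?
function leakedLines(secret, maskedLog) {
  return masksPerLine(secret).filter((l) => maskedLog.includes(l));
}

// Constructed sample data, not a real key.
const SAMPLE_SECRET = [
  "-----BEGIN CONSTRUCTED KEY-----",
  "AAAAexampleline1",
  "BBBBexampleline2",
  "-----END CONSTRUCTED KEY-----",
].join("\n");
const SAMPLE_LOG = "step: export secret\n" + SAMPLE_SECRET + "\nstep: done";

const weakLog = maskLog(SAMPLE_LOG, masksWholeValue(SAMPLE_SECRET));
const hardLog = maskLog(SAMPLE_LOG, masksPerLine(SAMPLE_SECRET));
console.log("leaked (whole-value mask):", leakedLines(SAMPLE_SECRET, weakLog).length);
console.log("leaked (per-line masks):  ", leakedLines(SAMPLE_SECRET, hardLog).length);
```

Per-line masking also redacts any unrelated log line that happens to contain one of the secret's lines, so very short lines in a secret can cause over-masking.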

Exploit

Fix

Insertion into Log File


Weakness Enumeration

Related Identifiers

CVE-2021-32074
GHSA-4MGV-M5CM-F9H7

Affected Products

Vault-Action