Описание
The com.bmuschko:gradle-vagrant-plugin Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixed in version 3.0.0.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.6 (исключая)Версия от 2.0 (включая) до 3.0.0 (исключая)
Одно из
cpe:2.3:a:vagrant_project:vagrant:*:*:*:*:*:gradle:*:*
cpe:2.3:a:vagrant_project:vagrant:*:*:*:*:*:gradle:*:*
EPSS
Процентиль: 31%
0.00119
Низкий
5.3 Medium
CVSS3
6.5 Medium
CVSS3
3.3 Low
CVSS2
Дефекты
CWE-532
Связанные уязвимости
CVSS3: 7.4
github
почти 5 лет назад
Sensitive information disclosure via log in com.bmuschko:gradle-vagrant-plugin
EPSS
Процентиль: 31%
0.00119
Низкий
5.3 Medium
CVSS3
6.5 Medium
CVSS3
3.3 Low
CVSS2
Дефекты
CWE-532