Information Disclosure

gradle-vagrant-plugin is vulnerable to information disclosure. The vulnerability exists as the values of environment variables are logged when environmentVariables are set, and when printCommandLineArgs in GDKExternalProcessExecutor.groovy is executed...

CVE-2021-21361 Sensitive information disclosure via log in com.bmuschko:gradle-vagrant-plugin

The com.bmuschko:gradle-vagrant-plugin Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixe...

com.bmuschko.vagrant-base:com.bmuschko.vagrant-base.gradle.plugin (>=2.0 <=2.2.1), com.bmuschko.vagrant:com.bmuschko.vagrant.gradle.plugin (>=2.0 <=2.2.1) potentially affected by CVE-2021-21361 via com.bmuschko:gradle-vagrant-plugin (>=2.0 <=2.2.1)

com.bmuschko:gradle-vagrant-plugin MAVEN version =2.0, =2.0, =2.0, =2.2.1 Source cves: CVE-2021-21361 Source advisory: OSV:GHSA-JPCM-4485-69P7...

Gradle 日志信息泄露漏洞

Gradle is a set of JVM-based project building tools from Gradle, Inc. that supports maven, Ivy repositories, and more. A log message disclosure vulnerability exists in the Gradle plugin's com.bmuschko:gradle-vagrant-plugin. When this Gradle plugin is executed in a public CI/CD, it results in the...

CVE-2017-15884

In HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges...

HashiCorp Vagrant VMware Fusion Plugin Local Root Vulnerability

HashiCorp Vagrant VMware Fusion plugin is a tool for building and managing virtual machine environments on VMware virtual machines developed by HashiCorp, USA. A security vulnerability exists in the insecure suid wrapper binary in HashiCorp Vagrant VMware Fusion plugin version 4.0.24 and earlier...

Hashicorp vagrant-vmware-fusion 4.0.24 Local Root Privilege Escalation

I have previously disclosed a couple of bugs in Hashicorp's vagrant-vmware-fusion plugin for vagrant. Unfortunately the 4.0.23 release which was supposed to fix the previous bug I reported didn't address the issue, so Hashicorp quickly put out another release - 4.0.24 - after that but didn't upda...

Hashicorp vagrant-vmware-fusion <= 4.0.20 - Local root Privilege Esclation Exploit

Exploit for macOS platform in category local exploits I'm a big fan of Hashicorp but this is an awful bug to have in software of their calibre. Their vagrant plugin for vmware fusion uses a product called Ruby Encoder to protect their proprietary ruby code. It does this by turning the ruby code...