CVE-2021-32074: Inclusion of Sensitive Information in Log Files
(updated )
HashiCorp vault-action (aka Vault GitHub Action) allows attackers to obtain sensitive information from log files because a multi-line secret was not correctly registered with GitHub Actions for log masking.
References
Detect and mitigate CVE-2021-32074 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →