CVE-2023-4380

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-4380
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4380.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-4380
Downstream
Published
2023-10-04T15:15:12.703Z
Modified
2026-03-14T15:02:21.504419Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
[none]
Details

A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.2"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4380.json"