A logic flaw exists in Ansible. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.

Related CVEs

CVE-2023-4380

Key Information

GHSA ID

GHSA-2pfv-q6j2-pcrf

Published

October 4, 2023 3:30 PM

Last Modified

January 2, 2024 12:30 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.