VDB

GCVE-VVD-CLOUD-2023-0011

GCVE-VVD-CLOUD-2023-0011
Advisory Published
Vulnetix · Advisory published November 14, 2023
Palo Alto discovered that Azure CLI commands were found to leak sensitive credentials and environment variables in GitHub Actions logs. This issue affects both public and private repositories, potentially exposing secrets to unauthorized parties. The problem stems from the Azure CLI's design to echo back accessed/created/updated/deleted resource information, which can include sensitive data. Later research by Orca Security revealed that AWS CLI and Google Cloud CLI were affected by the same issue, but AWS and GCP view this as expected behavior.
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
AWSAzure CLI, AWS CLI, Google Cloud CLI
GCPAzure CLI, AWS CLI, Google Cloud CLI
AzureAzure CLI, AWS CLI, Google Cloud CLI
GitHubCloud Services
AWSECR

Aliases

CVE-2023-36052

Transitive aliases

EUVD-2023-40035MSRC_CVE-2023-36052GHSA-m32x-6xp4-26j2GSD-2023-36052BDU:2023-07984VVD-CLOUD-2023-0010BIT-azure-cli-2023-36052VVD-CISA-2023-36052

References

CLI Tools Leak Credentials in GitHub Actions Logs
advisory
advisory
advisory
advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›