PT-2025-49009 · Red Hat+1 · Ansible-Collection-Community-General+1
Published
2025-12-04
·
Updated
2026-05-20
·
CVE-2025-14010
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ansible-collection-community-general (affected versions not specified)
Description
A flaw exists in ansible-collection-community-general that can lead to information exposure of sensitive credentials, specifically plaintext passwords. This occurs when Ansible is run with debug modes, resulting in the logging of these secrets. Attackers with access to these logs could potentially retrieve the credentials and compromise accounts, such as Keycloak accounts or administrative access.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Information Disclosure
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Debian
Ansible-Collection-Community-General