5.5
CVE-2025-14010
- EPSS 0.12%
- Veröffentlicht 04.12.2025 09:51:55
- Zuletzt bearbeitet 20.05.2026 13:16:15
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Ansible-collection-community-general: ansible-collection-community-general: keycloak user module leaks credentials in verbose output
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Community.General Version-
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.019 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.
https://access.redhat.com/security/cve/CVE-2025-14010
https://bugzilla.redhat.com/show_bug.cgi?id=2418774
https://github.com/ansible-collections/community.general/issues/11000
https://github.com/ansible-collections/community.general/pull/11005
https://github.com/ansible-community/ansible-build-data/blob/main/12/CHANGELOG-v12.md#security-fixes