Description
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected products
- ansible-collections / Ansible Community General Collection7.1.0 – 9.5.13
- ansible-collections / Ansible Community General Collection10.0.0 – 10.7.6
- ansible-collections / Ansible Community General Collection11.0.0 – 11.4.1
- ansible-collections / Ansible Community General Collection12.0.0 – 12.2.0
References
- VENDOR_ADVISORYhttps://access.redhat.com/security/cve/CVE-2025-14010
- MISChttps://bugzilla.redhat.com/show_bug.cgi?id=2418774
- MISChttps://github.com/ansible-collections/community.general/issues/11000
- PATCHhttps://github.com/ansible-collections/community.general/pull/11005
- MISChttps://github.com/ansible-community/ansible-build-data/blob/main/12/CHANGELOG-v12.md#security-fixes