← volver
CVE-2025-14010

Ansible-collection-community-general: ansible-collection-community-general: keycloak user module leaks credentials in verbose output

CVSS 5.5 MEDIUMEPSS 0.1%CWE-532
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.5EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
04 dic 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →