← voltar
CVE-2025-14010

Ansible-collection-community-general: ansible-collection-community-general: keycloak user module leaks credentials in verbose output

CVSS 5.5 MEDIUMEPSS 0.1%CWE-532
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.5EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
04 dez 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →