CVE-2025-14010

Source
https://cve.org/CVERecord?id=CVE-2025-14010
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14010.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-14010
Aliases
Downstream
Published
2025-12-04T09:51:55.868Z
Modified
2026-07-08T08:11:57.433499735Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Ansible-collection-community-general: ansible-collection-community-general: keycloak user module leaks credentials in verbose output
Details

A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/14xxx/CVE-2025-14010.json",
    "cna_assigner": "redhat"
}
References

Affected packages

Git / github.com/ansible-collections/community.general

Affected ranges

Type
GIT
Repo
https://github.com/ansible-collections/community.general
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "7.1.0"
        },
        {
            "fixed": "9.5.13"
        },
        {
            "introduced": "10.0.0"
        },
        {
            "fixed": "10.7.6"
        },
        {
            "introduced": "11.0.0"
        },
        {
            "fixed": "11.4.1"
        },
        {
            "introduced": "12.0.0"
        },
        {
            "fixed": "12.2.0"
        }
    ]
}

Affected versions

10.*
10.0.0
10.0.1
10.1.0
10.2.0
10.3.0
10.3.1
10.4.0
10.5.0
10.6.0
10.7.0
10.7.1
10.7.2
10.7.3
10.7.4
10.7.5
11.*
11.0.0
11.1.0
11.1.1
11.1.2
11.2.0
11.2.1
11.3.0
11.4.0
12.*
12.0.0
12.0.1
12.1.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14010.json"