CVE-2025-14010

Medium CVSS: 5.5

A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access.

Vendor

Redhat

Product

Community.general

CWE

CWE-532

Yayın Tarihi

2025-12-04 10:16:00

Güncelleme

2026-01-02 20:41:41

Source Identifier

secalert@redhat.com

KEV Date Added

Kategoriler

CWE-532 Community.general MEDIUM Redhat 2025

Referanslar

https://access.redhat.com/security/cve/CVE-2025-14010 https://bugzilla.redhat.com/show_bug.cgi?id=2418774

Benzer Kayıtlar

High

CVE-2026-28369

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more…

High

CVE-2026-28368

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where…

Medium

CVE-2026-3121

A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where thi…

Medium

CVE-2026-3190

A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to…

Low

CVE-2026-4874

A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating t…

Low

CVE-2026-4633

A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login…