| Name | CVE-2025-14010 |
| Description | A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 1121951 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| ansible (PTS) | bullseye | 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1 | vulnerable |
| bullseye (security) | 2.10.7+merged+base+2.10.17+dfsg-0+deb11u3 | vulnerable | |
| bookworm | 7.7.0+dfsg-3+deb12u1 | fixed | |
| trixie | 12.0.0~b5+dfsg-0+deb13u1 | vulnerable | |
| forky, sid | 13.1.0+dfsg-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| ansible | source | bookworm | (not affected) | |||
| ansible | source | (unstable) | 12.2.0+dfsg-1 | 1121951 |
[trixie] - ansible <no-dsa> (Minor issue)
[bookworm] - ansible <not-affected> (Vulnerable code not present)
https://bugzilla.redhat.com/show_bug.cgi?id=2418774
https://github.com/ansible-community/ansible-build-data/blob/main/12/CHANGELOG-v12.md#security-fixes
https://github.com/ansible-collections/community.general/issues/11000
https://github.com/ansible-collections/community.general/pull/11005