Skip to content

Commit 18c0d81

Browse files
advisory-database[bot]advisory-database[bot]
committed
1 parent 6582676 commit 18c0d81

File tree

1 file changed

+40
-5
lines changed

1 file changed

+40
-5
lines changed

advisories/unreviewed/2025/12/GHSA-8ggh-xwr9-3373/GHSA-8ggh-xwr9-3373.json renamed to advisories/github-reviewed/2025/12/GHSA-8ggh-xwr9-3373/GHSA-8ggh-xwr9-3373.json

Lines changed: 40 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,38 +1,73 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-8ggh-xwr9-3373",
4-
"modified": "2025-12-04T12:31:05Z",
4+
"modified": "2025-12-05T02:15:35Z",
55
"published": "2025-12-04T12:31:05Z",
66
"aliases": [
77
"CVE-2025-14010"
88
],
9+
"summary": "Ansible Community General Collection is vulnerable to exposure of sensitive information",
910
"details": "A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access.",
1011
"severity": [
1112
{
1213
"type": "CVSS_V3",
1314
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
1415
}
1516
],
16-
"affected": [],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "PyPI",
21+
"name": "ansible"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "12.0.0"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
1738
"references": [
1839
{
1940
"type": "ADVISORY",
2041
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14010"
2142
},
43+
{
44+
"type": "WEB",
45+
"url": "https://github.com/ansible-collections/community.general/pull/11005"
46+
},
47+
{
48+
"type": "WEB",
49+
"url": "https://github.com/ansible-collections/community.general/commit/54af64ad363efe280b34102d2637fe272c1f7320"
50+
},
2251
{
2352
"type": "WEB",
2453
"url": "https://access.redhat.com/security/cve/CVE-2025-14010"
2554
},
2655
{
2756
"type": "WEB",
2857
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418774"
58+
},
59+
{
60+
"type": "PACKAGE",
61+
"url": "https://github.com/ansible-collections/community.general"
2962
}
3063
],
3164
"database_specific": {
32-
"cwe_ids": [],
65+
"cwe_ids": [
66+
"CWE-200"
67+
],
3368
"severity": "MODERATE",
34-
"github_reviewed": false,
35-
"github_reviewed_at": null,
69+
"github_reviewed": true,
70+
"github_reviewed_at": "2025-12-05T02:15:35Z",
3671
"nvd_published_at": "2025-12-04T10:16:00Z"
3772
}
3873
}

0 commit comments

Comments
 (0)