VulnerableCode Package Details - pkg:pypi/ansible@4.2.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-qbdk-hxhg-wbh4 Aliases: CVE-2025-14010 GHSA-8ggh-xwr9-3373	Ansible Community General Collection is vulnerable to exposure of sensitive information A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access.	12.0.0 Affected by 0 other vulnerabilities. 12.2.0 Affected by 0 other vulnerabilities.
VCID-ujbp-cc1r-wfe9 Aliases: CVE-2023-5115 GHSA-jpvw-p8pr-9g2x	Ansible symlink attack vulnerability An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.	8.5.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-qbdk-hxhg-wbh4
Aliases:
CVE-2025-14010
GHSA-8ggh-xwr9-3373

Ansible Community General Collection is vulnerable to exposure of sensitive information A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access.

12.0.0
Affected by 0 other vulnerabilities.

12.2.0
Affected by 0 other vulnerabilities.

VCID-ujbp-cc1r-wfe9
Aliases:
CVE-2023-5115
GHSA-jpvw-p8pr-9g2x

Ansible symlink attack vulnerability An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.

8.5.0
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-17T00:01:45.021044+00:00	GitLab Importer	Affected by	VCID-qbdk-hxhg-wbh4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2025-14010.yml	38.4.0
2026-04-16T22:47:16.594199+00:00	GitLab Importer	Affected by	VCID-ujbp-cc1r-wfe9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2023-5115.yml	38.4.0
2026-04-12T01:24:42.832344+00:00	GitLab Importer	Affected by	VCID-qbdk-hxhg-wbh4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2025-14010.yml	38.3.0
2026-04-12T00:07:02.143692+00:00	GitLab Importer	Affected by	VCID-ujbp-cc1r-wfe9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2023-5115.yml	38.3.0
2026-04-03T01:33:20.375747+00:00	GitLab Importer	Affected by	VCID-qbdk-hxhg-wbh4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2025-14010.yml	38.1.0
2026-04-03T00:11:41.378185+00:00	GitLab Importer	Affected by	VCID-ujbp-cc1r-wfe9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2023-5115.yml	38.1.0