VulnerableCode Package Details - pkg:pypi/ansible@8.5.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-qbdk-hxhg-wbh4 Aliases: CVE-2025-14010 GHSA-8ggh-xwr9-3373	Ansible Community General Collection is vulnerable to exposure of sensitive information A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access.	12.0.0 Affected by 0 other vulnerabilities. 12.2.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-qbdk-hxhg-wbh4
Aliases:
CVE-2025-14010
GHSA-8ggh-xwr9-3373

Ansible Community General Collection is vulnerable to exposure of sensitive information A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access.

12.0.0
Affected by 0 other vulnerabilities.

12.2.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-ujbp-cc1r-wfe9	Ansible symlink attack vulnerability An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.	CVE-2023-5115 GHSA-jpvw-p8pr-9g2x

Vulnerability

Summary

Aliases

VCID-ujbp-cc1r-wfe9

Ansible symlink attack vulnerability An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.

CVE-2023-5115
GHSA-jpvw-p8pr-9g2x

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-17T00:01:45.237512+00:00	GitLab Importer	Affected by	VCID-qbdk-hxhg-wbh4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2025-14010.yml	38.4.0
2026-04-16T22:47:16.800372+00:00	GitLab Importer	Fixing	VCID-ujbp-cc1r-wfe9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2023-5115.yml	38.4.0
2026-04-12T01:24:43.069006+00:00	GitLab Importer	Affected by	VCID-qbdk-hxhg-wbh4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2025-14010.yml	38.3.0
2026-04-12T00:07:02.385977+00:00	GitLab Importer	Fixing	VCID-ujbp-cc1r-wfe9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2023-5115.yml	38.3.0
2026-04-03T01:33:20.611189+00:00	GitLab Importer	Affected by	VCID-qbdk-hxhg-wbh4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2025-14010.yml	38.1.0
2026-04-03T00:11:41.663373+00:00	GitLab Importer	Fixing	VCID-ujbp-cc1r-wfe9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2023-5115.yml	38.1.0
2026-04-02T17:00:57.820587+00:00	GHSA Importer	Fixing	VCID-ujbp-cc1r-wfe9	https://github.com/advisories/GHSA-jpvw-p8pr-9g2x	38.1.0
2026-04-01T12:58:08.919036+00:00	GithubOSV Importer	Fixing	VCID-ujbp-cc1r-wfe9	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-jpvw-p8pr-9g2x/GHSA-jpvw-p8pr-9g2x.json	38.0.0
2026-04-01T12:52:20.707088+00:00	GitLab Importer	Fixing	VCID-ujbp-cc1r-wfe9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2023-5115.yml	38.0.0