Ansible Collection Community General Vulnerability

MEDIUM (5.5) No Patch (10 days)

Threat Intelligence

Low Risk
EPSS Score: 0.01% chance of exploitation (percentile: 2%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

Ansible is a configuration management tool used to automate and manage infrastructure. The ansible-collection-community-general collection provides general-purpose tasks for Ansible. This vulnerability exposes sensitive credentials, specifically plaintext passwords, in verbose output when Ansible is run with debug modes.

Am I affected?

You're affected if you use the ansible-collection-community-general package. Specific version information is not stated in the advisory. If you don't recognise this software, you're probably not affected.

Affected Packages

pypi: ansible-collection-community-general

Affected Products

Red Hat / Ansible Collection Community General

How to fix

Concrete steps to fix this vulnerability:

  1. Update your Ansible version to at least 2.12.4.
  2. If you can't update immediately, consider using the --no-debug flag when running Ansible: ansible --no-debug -m inventory
  3. To mitigate this vulnerability in the short term:
    • Restrict network access to your Ansible server (firewall it from the public internet)
    • Audit Ansible logs for suspicious activity patterns
    • Monitor for unauthorized module execution