Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-3697

A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

Published

2022-10-28T16:15:16.403

Last Modified

2024-11-21T07:20:03.293

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-233
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	ansible	< 2.10.0	Yes
Application	redhat	ansible_collection	< 2.0.0	Yes
Application	redhat	ansible_collection	< 5.1.0	Yes

References

https://github.com/ansible-collections/amazon.aws/pull/1199 Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html ([email protected])
https://github.com/ansible-collections/amazon.aws/pull/1199 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html (af854a3a-2127-422b-91ae-364da2661108)