CVE-2022-3697

HIGH

Ansible amazon.aws Collection - Sensitive Information Exposure via tower_callback Parameter

Title source: llm

Description

A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

References (2)

Core 2

Core References

Third Party Advisory

https://github.com/ansible-collections/amazon.aws/pull/1199

Mailing List

https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html

Scores

CVSS v3 7.5

EPSS 0.0023

EPSS Percentile 45.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-233

Status published

Products (4)

pypi/ansible 2.5.0 - 7.0.0PyPI

redhat/ansible 2.5.0 - 2.10.0

redhat/ansible_collection < 2.0.0

redhat/ansible_collection 2.1.0 - 5.1.0

Published Oct 28, 2022

Tracked Since Feb 18, 2026