CVE-2022-3697

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-3697
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3697.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-3697
Aliases
Downstream
Published
2022-10-28T16:15:16Z
Modified
2025-10-16T05:30:06.916006Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in Ansible in the amazon.aws collection when using the towercallback parameter from the amazon.aws.ec2instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

References

Affected packages

Git / github.com/ansible-collections/amazon.aws

Affected ranges

Type
GIT
Repo
https://github.com/ansible-collections/amazon.aws
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
e68f0e1c573a76efc4b2e40e6f4acdc8e8310729
Type
GIT
Repo
https://github.com/ansible-collections/community.aws
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
ee984b2b972275bbc4e6a011ed9046d497689e16
Type
GIT
Repo
https://github.com/ansible/ansible
Events
Introduced
2c2dd1a1b3eca6248979e04e70afff6dd3fcf366
Fixed
a6ed9551320b5f9d2a15a69e4c8b22ee31f0f778

Affected versions

0.*

0.1.2

1.*

1.0.0
1.1.0
1.2.0
1.2.1
1.3.0
1.4.0
1.4.1
1.5.0