GHSA-cpx3-93w7-457x

Suggest an improvement
Source
https://github.com/advisories/GHSA-cpx3-93w7-457x
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-cpx3-93w7-457x/GHSA-cpx3-93w7-457x.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-cpx3-93w7-457x
Aliases
Published
2022-10-28T19:00:38Z
Modified
2024-02-16T08:07:34.204086Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Ansible leaks password to logs
Details

A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

Database specific
{
    "nvd_published_at": "2022-10-28T16:15:00Z",
    "cwe_ids": [
        "CWE-233"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-24T23:11:22Z"
}
References

Affected packages

PyPI / ansible

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.5.0
Fixed
7.0.0

Affected versions

2.*

2.5.0
2.5.1
2.5.2
2.5.3
2.5.4
2.5.5
2.5.6
2.5.7
2.5.8
2.5.9
2.5.10
2.5.11
2.5.12
2.5.13
2.5.14
2.5.15
2.6.0a1
2.6.0a2
2.6.0rc1
2.6.0rc2
2.6.0rc3
2.6.0rc4
2.6.0rc5
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9
2.6.10
2.6.11
2.6.12
2.6.13
2.6.14
2.6.15
2.6.16
2.6.17
2.6.18
2.6.19
2.6.20
2.7.0.dev0
2.7.0a1
2.7.0b1
2.7.0rc1
2.7.0rc2
2.7.0rc3
2.7.0rc4
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.7.6
2.7.7
2.7.8
2.7.9
2.7.10
2.7.11
2.7.12
2.7.13
2.7.14
2.7.15
2.7.16
2.7.17
2.7.18
2.8.0a1
2.8.0b1
2.8.0rc1
2.8.0rc2
2.8.0rc3
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.8.6
2.8.7
2.8.8
2.8.9
2.8.10
2.8.11
2.8.12
2.8.13
2.8.14
2.8.15
2.8.16rc1
2.8.16
2.8.17rc1
2.8.17
2.8.18rc1
2.8.18
2.8.19rc1
2.8.19
2.8.20rc1
2.8.20
2.9.0b1
2.9.0rc1
2.9.0rc2
2.9.0rc3
2.9.0rc4
2.9.0rc5
2.9.0
2.9.1
2.9.2
2.9.3
2.9.4
2.9.5
2.9.6
2.9.7
2.9.8
2.9.9
2.9.10
2.9.11
2.9.12
2.9.13
2.9.14rc1
2.9.14
2.9.15rc1
2.9.15
2.9.16rc1
2.9.16
2.9.17rc1
2.9.17
2.9.18rc1
2.9.18
2.9.19rc1
2.9.19
2.9.20rc1
2.9.20
2.9.21rc1
2.9.21
2.9.22rc1
2.9.22
2.9.23rc1
2.9.23
2.9.24rc1
2.9.24
2.9.25rc1
2.9.25
2.9.26rc1
2.9.26
2.9.27rc1
2.9.27
2.10.0a1
2.10.0a2
2.10.0a3
2.10.0a4
2.10.0a5
2.10.0a6
2.10.0a7
2.10.0a8
2.10.0a9
2.10.0b1
2.10.0b2
2.10.0rc1
2.10.0
2.10.1
2.10.2
2.10.3
2.10.4
2.10.5
2.10.6
2.10.7

3.*

3.0.0b1
3.0.0rc1
3.0.0
3.1.0
3.2.0
3.3.0
3.4.0

4.*

4.0.0a1
4.0.0a2
4.0.0a3
4.0.0a4
4.0.0b1
4.0.0b2
4.0.0rc1
4.0.0
4.1.0
4.2.0
4.3.0
4.4.0
4.5.0
4.6.0
4.7.0
4.8.0
4.9.0
4.10.0

5.*

5.0.0a1
5.0.0a2
5.0.0a3
5.0.0b1
5.0.0b2
5.0.0rc1
5.0.1
5.1.0
5.2.0
5.3.0
5.4.0
5.5.0
5.6.0
5.7.0
5.7.1
5.8.0
5.9.0
5.10.0

6.*

6.0.0a1
6.0.0a2
6.0.0a3
6.0.0b1
6.0.0b2
6.0.0rc1
6.0.0
6.1.0
6.2.0
6.3.0
6.4.0
6.5.0
6.6.0
6.7.0

7.*

7.0.0a1
7.0.0a2
7.0.0b1
7.0.0rc1