GHSA-cpx3-93w7-457x
Suggest an improvement- Source
- https://github.com/advisories/GHSA-cpx3-93w7-457x
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-cpx3-93w7-457x/GHSA-cpx3-93w7-457x.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-cpx3-93w7-457x
- Aliases
- Published
- 2022-10-28T19:00:38Z
- Modified
- 2024-02-16T08:07:34.204086Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Ansible leaks password to logs
- Details
-
A flaw was found in Ansible in the amazon.aws collection when using the
tower_callbackparameter from theamazon.aws.ec2_instancemodule. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs. - Database specific
{ "nvd_published_at": "2022-10-28T16:15:00Z", "github_reviewed_at": "2023-01-24T23:11:22Z", "cwe_ids": [ "CWE-233" ], "severity": "HIGH", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-3697
- https://github.com/ansible-collections/amazon.aws/pull/1199
- https://github.com/ansible/ansible/pull/35749
- https://github.com/ansible-community/ansible-build-data/blob/main/6/CHANGELOG-v6.rst
- https://github.com/ansible/ansible
- https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
Affected packages
PyPI / ansible
Package
- Name
- ansible
- View open source insights on deps.dev
- Purl
- pkg:pypi/ansible
Affected versions
2.*
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4
2.5.5
2.5.6
2.5.7
2.5.8
2.5.9
2.5.10
2.5.11
2.5.12
2.5.13
2.5.14
2.5.15
2.6.0a1
2.6.0a2
2.6.0rc1
2.6.0rc2
2.6.0rc3
2.6.0rc4
2.6.0rc5
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9
2.6.10
2.6.11
2.6.12
2.6.13
2.6.14
2.6.15
2.6.16
2.6.17
2.6.18
2.6.19
2.6.20
2.7.0.dev0
2.7.0a1
2.7.0b1
2.7.0rc1
2.7.0rc2
2.7.0rc3
2.7.0rc4
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.7.6
2.7.7
2.7.8
2.7.9
2.7.10
2.7.11
2.7.12
2.7.13
2.7.14
2.7.15
2.7.16
2.7.17
2.7.18
2.8.0a1
2.8.0b1
2.8.0rc1
2.8.0rc2
2.8.0rc3
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.8.6
2.8.7
2.8.8
2.8.9
2.8.10
2.8.11
2.8.12
2.8.13
2.8.14
2.8.15
2.8.16rc1
2.8.16
2.8.17rc1
2.8.17
2.8.18rc1
2.8.18
2.8.19rc1
2.8.19
2.8.20rc1
2.8.20
2.9.0b1
2.9.0rc1
2.9.0rc2
2.9.0rc3
2.9.0rc4
2.9.0rc5
2.9.0
2.9.1
2.9.2
2.9.3
2.9.4
2.9.5
2.9.6
2.9.7
2.9.8
2.9.9
2.9.10
2.9.11
2.9.12
2.9.13
2.9.14rc1
2.9.14
2.9.15rc1
2.9.15
2.9.16rc1
2.9.16
2.9.17rc1
2.9.17
2.9.18rc1
2.9.18
2.9.19rc1
2.9.19
2.9.20rc1
2.9.20
2.9.21rc1
2.9.21
2.9.22rc1
2.9.22
2.9.23rc1
2.9.23
2.9.24rc1
2.9.24
2.9.25rc1
2.9.25
2.9.26rc1
2.9.26
2.9.27rc1
2.9.27
2.10.0a1
2.10.0a2
2.10.0a3
2.10.0a4
2.10.0a5
2.10.0a6
2.10.0a7
2.10.0a8
2.10.0a9
2.10.0b1
2.10.0b2
2.10.0rc1
2.10.0
2.10.1
2.10.2
2.10.3
2.10.4
2.10.5
2.10.6
2.10.7
3.*
3.0.0b1
3.0.0rc1
3.0.0
3.1.0
3.2.0
3.3.0
3.4.0
4.*
4.0.0a1
4.0.0a2
4.0.0a3
4.0.0a4
4.0.0b1
4.0.0b2
4.0.0rc1
4.0.0
4.1.0
4.2.0
4.3.0
4.4.0
4.5.0
4.6.0
4.7.0
4.8.0
4.9.0
4.10.0
5.*
5.0.0a1
5.0.0a2
5.0.0a3
5.0.0b1
5.0.0b2
5.0.0rc1
5.0.1
5.1.0
5.2.0
5.3.0
5.4.0
5.5.0
5.6.0
5.7.0
5.7.1
5.8.0
5.9.0
5.10.0
6.*
6.0.0a1
6.0.0a2
6.0.0a3
6.0.0b1
6.0.0b2
6.0.0rc1
6.0.0
6.1.0
6.2.0
6.3.0
6.4.0
6.5.0
6.6.0
6.7.0
7.*
7.0.0a1
7.0.0a2
7.0.0b1
7.0.0rc1