CVE-2022-3697
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-3697
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3697.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-3697
- Aliases
- Related
- Published
- 2022-10-28T16:15:16Z
- Modified
- 2024-09-11T04:54:38.808454Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in Ansible in the amazon.aws collection when using the towercallback parameter from the amazon.aws.ec2instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.
- References
Affected packages
Debian:11 / ansible
Package
- Name
- ansible
- Purl
- pkg:deb/debian/ansible?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.10.7+merged+base+2.10.8+dfsg-1
2.10.7+merged+base+2.10.17+dfsg-0+deb11u1
4.*
4.6.0-1
5.*
5.4.0-1
5.5.0-1
6.*
6.3.0+dfsg-1
6.4.0+dfsg-1
7.*
7.0.0+dfsg-1
7.0.0+dfsg-2
7.1.0+dfsg-1
7.2.0+dfsg-2
7.3.0+dfsg-1
7.7.0+dfsg-1
7.7.0+dfsg-2
7.7.0+dfsg-3
9.*
9.4.0+dfsg-1
9.5.1+dfsg-1
10.*
10.0.0+dfsg-1
10.0.1+dfsg-1
10.1.0+dfsg-1
Debian:12 / ansible
Package
- Name
- ansible
- Purl
- pkg:deb/debian/ansible?arch=source
Debian:13 / ansible
Package
- Name
- ansible
- Purl
- pkg:deb/debian/ansible?arch=source
Git / github.com/ansible-collections/amazon.aws
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ansible-collections/amazon.aws
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/ansible-collections/community.aws
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed