HIGH🇬🇧 English

CVE-2022-3697

CVSS 7.5v3.1pub. 2022-10-28upd. 2024-11-21

A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Red Hat Ansible

    APP
    Redhat
    2.5.0 – 2.10.0 (bez)
  • Red Hat Ansible Collection

    APP
    Redhat
    < 2.0.02.1.0 – 5.1.0 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2014-4678CRITICAL9.8ten sam produkt

The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote...

CVE-2014-4657CRITICAL9.8ten sam produkt

The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote...

CVE-2014-4966CRITICAL9.8ten sam produkt

Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent r...

CVE-2014-4967CRITICAL9.8ten sam produkt

Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrar...

CVE-2017-7550CRITICAL9.8ten sam produkt

A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to ...