CVE-2022-3697

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Ansible (affected versions not specified)

Description A flaw was found in Ansible in the amazon.aws collection when using the tower callback parameter from the amazon.aws.ec2 instance module. This issue allows an attacker to take advantage of the insecure handling of the parameter, leading to the password leaking in the logs.

Recommendations As a temporary workaround, consider disabling the tower callback parameter in the amazon.aws.ec2 instance module until a patch is available. Restrict access to the amazon.aws.ec2 instance module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-233

Related Identifiers

BDU:2024-07358

CVE-2022-3697

DLA-3695-1

DLA-3695-2

GHSA-CPX3-93W7-457X

OESA-2025-1125

ROSA-SA-2024-2334

USN-6846-1

USN-6846-2

USN-6846-3

Affected Products

Ansible

Ansible-Core

Astra Linux

Linuxmint

Red Os

Ubuntu

CVE-2022-3697

Weakness Enumeration

Related Identifiers

Affected Products

References · 35