VDB
CVE-2022-3697
CVE-2022-3697
PUBLISHED
Es existiert eine Schwachstelle in Ansible. Der Fehler besteht in der amazon.aws-Sammlung bei der Verwendung des tower_callback-Parameters aus dem amazon.aws.ec2_instance-Modul. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, da das Modul den Parameter unsicher handhabt, was dazu führt, dass das Passwort in den Protokollen offengelegt wird.
EPSS 0.23% · 45.7th percentile
Risk Scores
EPSS Score
0.23%
45.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu | Ubuntu Linux | |
| Debian | Debian Linux | |
| Open Source | Open Source Ansible |
Timeline
- Oct 28, 2022 CVE Published
- Oct 29, 2022 EPSS Score
- Dec 11, 2022 EPSS Score
- Jan 24, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 8, 2023 EPSS Score
- Apr 21, 2023 EPSS Score
- Jun 3, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Aug 29, 2023 EPSS Score
- Oct 11, 2023 EPSS Score
- Nov 24, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1899.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1899 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-3697 advisory
- https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html advisory
- https://ubuntu.com/security/notices/USN-6846-1 advisory
- https://ubuntu.com/security/notices/USN-6846-2 advisory
- https://ubuntu.com/security/notices/USN-6846-3 advisory