VDB

DEBIAN-CVE-2022-3697

DEBIAN-CVE-2022-3697 PUBLISHED CVSS 7.5 HIGH

A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
Debian:14ansible0, 0, 0
Debian:12ansible0, 0, 0
Debian:11ansible0, 2.10.7+merged, 0
Debian:13ansible0, 0, 0

Timeline

  • Oct 28, 2022 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›