CVE-2022-3697
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.
Se encontró una falla en Ansible en la colección amazon.aws al usar el parámetro tower_callback del módulo amazon.aws.ec2_instance. Esta falla permite que un atacante aproveche este problema ya que el módulo maneja el parámetro de manera insegura, lo que provoca que la contraseña se filtre en los registros.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-10-26 CVE Reserved
- 2022-10-28 CVE Published
- 2024-05-20 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-233: Improper Handling of Parameters
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://github.com/ansible-collections/amazon.aws/pull/1199 | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Ansible Search vendor "Redhat" for product "Ansible" | >= 2.5.0 < 2.10.0 Search vendor "Redhat" for product "Ansible" and version " >= 2.5.0 < 2.10.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Ansible Collection Search vendor "Redhat" for product "Ansible Collection" | < 2.0.0 Search vendor "Redhat" for product "Ansible Collection" and version " < 2.0.0" | community_aws |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Ansible Collection Search vendor "Redhat" for product "Ansible Collection" | >= 2.1.0 < 5.1.0 Search vendor "Redhat" for product "Ansible Collection" and version " >= 2.1.0 < 5.1.0" | aws |
Affected
| ||||||