{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-3697","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","dateUpdated":"2025-02-13T16:32:52.283Z","dateReserved":"2022-10-26T00:00:00.000Z","datePublished":"2022-10-28T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2023-12-28T19:06:27.294Z"},"descriptions":[{"lang":"en","value":"A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs."}],"affected":[{"vendor":"n/a","product":"ansible, ansible community.aws, ansible amazon.aws","versions":[{"version":"ansible from 2.5.0 before 2.10","status":"affected"},{"version":"ansible community.aws before 2.0.0","status":"affected"},{"version":"ansible amazon.aws from 2.1.0 before 5.1.0","status":"affected"}]}],"references":[{"url":"https://github.com/ansible-collections/amazon.aws/pull/1199"},{"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-233","cweId":"CWE-233"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T01:14:03.351Z"},"title":"CVE Program Container","references":[{"url":"https://github.com/ansible-collections/amazon.aws/pull/1199","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html","tags":["x_transferred"]}]}]}}