Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for ansible_collection by redhat

    CVE-2023-4237 (GCVE-0-2023-4237)

    Vulnerability from nvd – Published: 2023-10-04 14:23 – Updated: 2026-02-25 18:31
    VLAI
    Title
    Platform: ec2_key module prints out the private key directly to the standard output
    Summary
    A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8     cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 1.0.0-423 , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_cloud_billing:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9     cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 1.0.0-424 , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_cloud_billing:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
    Create a notification for this product.
    Date Public
    2023-08-08 11:15
    Credits
    Red Hat would like to thank Jill Rouleau (redhat) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-10-25T13:07:30.578Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHBA-2023:5653",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHBA-2023:5653"
              },
              {
                "name": "RHBA-2023:5666",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHBA-2023:5666"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-4237"
              },
              {
                "name": "RHBZ#2229979",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229979"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20241025-0002/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
              ],
              "defaultStatus": "unaffected",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_cloud_billing:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-24/ee-supported-rhel8",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.0.0-423",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
              ],
              "defaultStatus": "unaffected",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_cloud_billing:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-24/ee-supported-rhel9",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.0.0-424",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Jill Rouleau (redhat) for reporting this issue."
            }
          ],
          "datePublic": "2023-08-08T11:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system\u0027s confidentiality, integrity, and availability."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-25T18:31:55.136Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHBA-2023:5653",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2023:5653"
            },
            {
              "name": "RHBA-2023:5666",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2023:5666"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-4237"
            },
            {
              "name": "RHBZ#2229979",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229979"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-08-08T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-08-08T11:15:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Platform: ec2_key module prints out the private key directly to the standard output",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-4237",
        "datePublished": "2023-10-04T14:23:20.710Z",
        "dateReserved": "2023-08-08T11:15:05.990Z",
        "dateUpdated": "2026-02-25T18:31:55.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-3697 (GCVE-0-2022-3697)

    Vulnerability from nvd – Published: 2022-10-28 00:00 – Updated: 2025-02-13 16:32
    VLAI
    Summary
    A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a ansible, ansible community.aws, ansible amazon.aws Affected: ansible from 2.5.0 before 2.10
    Affected: ansible community.aws before 2.0.0
    Affected: ansible amazon.aws from 2.1.0 before 5.1.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:14:03.351Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/ansible-collections/amazon.aws/pull/1199"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ansible, ansible community.aws, ansible amazon.aws",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "ansible from 2.5.0 before 2.10"
                },
                {
                  "status": "affected",
                  "version": "ansible community.aws before 2.0.0"
                },
                {
                  "status": "affected",
                  "version": "ansible amazon.aws from 2.1.0 before 5.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-233",
                  "description": "CWE-233",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-28T19:06:27.294Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://github.com/ansible-collections/amazon.aws/pull/1199"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-3697",
        "datePublished": "2022-10-28T00:00:00.000Z",
        "dateReserved": "2022-10-26T00:00:00.000Z",
        "dateUpdated": "2025-02-13T16:32:52.283Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4237 (GCVE-0-2023-4237)

    Vulnerability from cvelistv5 – Published: 2023-10-04 14:23 – Updated: 2026-02-25 18:31
    VLAI
    Title
    Platform: ec2_key module prints out the private key directly to the standard output
    Summary
    A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8     cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 1.0.0-423 , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_cloud_billing:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9     cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 1.0.0-424 , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_cloud_billing:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
    Create a notification for this product.
    Date Public
    2023-08-08 11:15
    Credits
    Red Hat would like to thank Jill Rouleau (redhat) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-10-25T13:07:30.578Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHBA-2023:5653",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHBA-2023:5653"
              },
              {
                "name": "RHBA-2023:5666",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHBA-2023:5666"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-4237"
              },
              {
                "name": "RHBZ#2229979",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229979"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20241025-0002/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
              ],
              "defaultStatus": "unaffected",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_cloud_billing:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-24/ee-supported-rhel8",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.0.0-423",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
              ],
              "defaultStatus": "unaffected",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_cloud_billing:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-24/ee-supported-rhel9",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.0.0-424",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Jill Rouleau (redhat) for reporting this issue."
            }
          ],
          "datePublic": "2023-08-08T11:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system\u0027s confidentiality, integrity, and availability."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-25T18:31:55.136Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHBA-2023:5653",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2023:5653"
            },
            {
              "name": "RHBA-2023:5666",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2023:5666"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-4237"
            },
            {
              "name": "RHBZ#2229979",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229979"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-08-08T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-08-08T11:15:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Platform: ec2_key module prints out the private key directly to the standard output",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-4237",
        "datePublished": "2023-10-04T14:23:20.710Z",
        "dateReserved": "2023-08-08T11:15:05.990Z",
        "dateUpdated": "2026-02-25T18:31:55.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-3697 (GCVE-0-2022-3697)

    Vulnerability from cvelistv5 – Published: 2022-10-28 00:00 – Updated: 2025-02-13 16:32
    VLAI
    Summary
    A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a ansible, ansible community.aws, ansible amazon.aws Affected: ansible from 2.5.0 before 2.10
    Affected: ansible community.aws before 2.0.0
    Affected: ansible amazon.aws from 2.1.0 before 5.1.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:14:03.351Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/ansible-collections/amazon.aws/pull/1199"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ansible, ansible community.aws, ansible amazon.aws",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "ansible from 2.5.0 before 2.10"
                },
                {
                  "status": "affected",
                  "version": "ansible community.aws before 2.0.0"
                },
                {
                  "status": "affected",
                  "version": "ansible amazon.aws from 2.1.0 before 5.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-233",
                  "description": "CWE-233",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-28T19:06:27.294Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://github.com/ansible-collections/amazon.aws/pull/1199"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-3697",
        "datePublished": "2022-10-28T00:00:00.000Z",
        "dateReserved": "2022-10-26T00:00:00.000Z",
        "dateUpdated": "2025-02-13T16:32:52.283Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }