CVE-2022-3697 Vulnerability Details

  /     /     /  

CVE-2022-3697 Metadata Quick Info

CVE Published: 28/10/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: redhat | Vendor: n/a | Product: ansible, ansible community.aws, ansible amazon.aws
Status : PUBLISHED

---

CVE-2022-3697 Description

A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-233
CWE Name: CWE-233
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).