Описание
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ansible | fixed | 7.0.0+dfsg-1 | package | |
| ansible | fixed | 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1 | bullseye | package |
Примечания
https://bugzilla.redhat.com/show_bug.cgi?id=2137664
https://github.com/ansible-collections/amazon.aws/pull/1199
EPSS
Связанные уязвимости
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.
Уязвимость модуля amazon.aws.ec2_instance управления конфигурациями Ansible, связанная с ошибками обработки параметров, позволяющая нарушителю получить доступ к конфиденциальным данным
EPSS