Описание
Ansible leaks password to logs
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-3697
- https://github.com/ansible-collections/amazon.aws/pull/1199
- https://github.com/ansible/ansible/pull/35749
- https://github.com/ansible-community/ansible-build-data/blob/main/6/CHANGELOG-v6.rst
- https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
Пакеты
ansible
>= 2.5.0, < 7.0.0
7.0.0
Связанные уязвимости
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.
A flaw was found in Ansible in the amazon.aws collection when using th ...
Уязвимость модуля amazon.aws.ec2_instance управления конфигурациями Ansible, связанная с ошибками обработки параметров, позволяющая нарушителю получить доступ к конфиденциальным данным