{"id":"CVE-2022-3697","details":"A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.","aliases":["GHSA-cpx3-93w7-457x"],"modified":"2026-04-10T04:52:43.220201Z","published":"2022-10-28T16:15:16.403Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"},{"type":"ADVISORY","url":"https://github.com/ansible-collections/amazon.aws/pull/1199"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ansible-collections/community.aws","events":[{"introduced":"0"},{"fixed":"ee984b2b972275bbc4e6a011ed9046d497689e16"},{"introduced":"bf3a4c6818223d68c3961dbd242f992c872e0b9d"},{"fixed":"751dcb28368703693a49e8cea371fd467dd12d92"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.0.0"},{"introduced":"2.1.0"},{"fixed":"5.1.0"}]}},{"type":"GIT","repo":"https://github.com/ansible/ansible","events":[{"introduced":"2c2dd1a1b3eca6248979e04e70afff6dd3fcf366"},{"fixed":"a6ed9551320b5f9d2a15a69e4c8b22ee31f0f778"}],"database_specific":{"versions":[{"introduced":"2.5.0"},{"fixed":"2.10.0"}]}}],"versions":["0.1.2","1.0.0","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.5.0","2.1.0","3.0.0","3.0.1","4.0.0","5.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3697.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}