{"id":"CVE-2022-3697","details":"A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.","aliases":["GHSA-cpx3-93w7-457x"],"modified":"2026-05-18T05:54:33.012735692Z","published":"2022-10-28T00:00:00Z","database_specific":{"cna_assigner":"redhat","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/3xxx/CVE-2022-3697.json","cwe_ids":["CWE-233"]},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/3xxx/CVE-2022-3697.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3697"},{"type":"FIX","url":"https://github.com/ansible-collections/amazon.aws/pull/1199"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ansible-collections/amazon.aws","events":[{"introduced":"0"},{"fixed":"e68f0e1c573a76efc4b2e40e6f4acdc8e8310729"},{"introduced":"013162a952c7b2d11c7e2ebf443d8d4d7a21e95a"},{"fixed":"54ce7db8fc4169e7a8c048d75a313bb7fd9e5d48"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"2.0.0"},{"introduced":"2.1.0"},{"fixed":"5.1.0"}],"cpe":["cpe:2.3:a:redhat:ansible_collection:*:*:*:*:*:community_aws:*:*","cpe:2.3:a:redhat:ansible_collection:*:*:*:*:*:aws:*:*"],"source":"CPE_FIELD"}}],"versions":["5.0.2","5.0.1","5.0.0","4.0.0","3.0.0","2.1.0","1.5.0","1.4.1","1.4.0","1.3.0","1.2.1","1.2.0","1.1.0","1.0.0","0.1.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3697.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/ansible-collections/community.aws","events":[{"introduced":"0"},{"fixed":"ee984b2b972275bbc4e6a011ed9046d497689e16"},{"introduced":"bf3a4c6818223d68c3961dbd242f992c872e0b9d"},{"fixed":"751dcb28368703693a49e8cea371fd467dd12d92"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"2.0.0"},{"introduced":"2.1.0"},{"fixed":"5.1.0"}],"source":"CPE_FIELD","cpe":["cpe:2.3:a:redhat:ansible_collection:*:*:*:*:*:community_aws:*:*","cpe:2.3:a:redhat:ansible_collection:*:*:*:*:*:aws:*:*"]}}],"versions":["5.0.0","4.0.0","1.5.0","3.0.1","3.0.0","2.1.0","1.4.0","1.3.0","1.2.1","1.2.0","1.1.0","1.0.0","0.1.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3697.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/ansible/ansible","events":[{"introduced":"2c2dd1a1b3eca6248979e04e70afff6dd3fcf366"},{"fixed":"a6ed9551320b5f9d2a15a69e4c8b22ee31f0f778"}],"database_specific":{"extracted_events":[{"introduced":"2.5.0"},{"fixed":"2.10.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*"}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3697.json"}}],"schema_version":"1.7.5"}