HIGH 7.5

GHSA-cpx3-93w7-457x

Ansible leaks password to logs

상세

A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / ansible

최초 영향 버전: 2.5.0 수정 버전: 7.0.0

수정 pip install --upgrade 'ansible>=7.0.0'

참고

https://nvd.nist.gov/vuln/detail/CVE-2022-3697 [ADVISORY]
https://github.com/ansible-collections/amazon.aws/pull/1199 [WEB]
https://github.com/ansible/ansible/pull/35749 [WEB]
https://github.com/ansible-community/ansible-build-data/blob/main/6/CHANGELOG-v6.rst [WEB]
https://github.com/ansible/ansible [PACKAGE]
https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html [WEB]