A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NRed Hat Ansible
APPRedhat2.5.0 – 2.10.0 (bez)Red Hat Ansible Collection
APPRedhat< 2.0.02.1.0 – 5.1.0 (bez)
Powiązane podatności
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote...
The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote...
Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent r...
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrar...
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to ...