Headline
CVE-2022-3697: ec2_instance - validate options on tower_callback by tremble · Pull Request #1199 · ansible-collections/amazon.aws
A flaw was found in the amazon.aws Ansible collection when using the tower_callback parameter of the amazon.aws.ec2_instance module. An attacker can take advantage of this issue because the module handles the parameter insecurely, which leads to the password leaking in the logs.
tremble marked this pull request as ready for review
Oct 25, 2022
patchback bot pushed a commit that referenced this pull request
Oct 26, 2022
ec2_instance - validate options on tower_callback
Depends-On: #1202
SUMMARY
Validate options for tower_callback parameter
Set tower_callback.set_password (the password) to no_log=True
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ec2_instance
ADDITIONAL INFORMATION
Reviewed-by: Alina Buzachis <None>
(cherry picked from commit 5fe427c)
softwarefactory-project-zuul bot pushed a commit that referenced this pull request
Oct 27, 2022
[PR #1199/5fe427c6 backport][stable-5] ec2_instance - validate options on tower_callback
This is a backport of PR #1199 as merged into main (5fe427c).
Depends-On: #1202
SUMMARY
Validate options for tower_callback parameter
Set tower_callback.set_password (the password) to no_log=True
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ec2_instance
ADDITIONAL INFORMATION
Reviewed-by: Jill R <None>
softwarefactory-project-zuul bot pushed a commit that referenced this pull request
Oct 27, 2022
[PR #1199/5fe427c6 backport][stable-4] ec2_instance - validate options on tower_callback
This is a backport of PR #1199 as merged into main (5fe427c).
Depends-On: #1202
SUMMARY
Validate options for tower_callback parameter
Set tower_callback.set_password (the password) to no_log=True
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ec2_instance
ADDITIONAL INFORMATION
Reviewed-by: Mark Chappell <None>
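What the two changes named in this pull request achieve, shown with a simplified model that is an added example and not code from the amazon.aws collection or from Ansible: once the suboptions of tower_callback are declared, unknown keys are rejected and set_password can carry no_log, so it is masked before the arguments reach a log. The spec layout, the tower_address suboption, the helper names and the sample task are assumptions made for the illustration.

```python
# Simplified model of spec-driven validation and log redaction.
# Not Ansible's implementation; it only mimics suboptions and no_log.
import json

MASK = "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
# Before: tower_callback is an opaque dict, nothing inside it is marked secret.
SPEC_BEFORE = {"name": {"type": "str"}, "tower_callback": {"type": "dict"}}
# After: suboptions are declared and set_password carries no_log.
# tower_address is an assumed suboption name, used for illustration.
SPEC_AFTER = {"name": {"type": "str"}, "tower_callback": {"type": "dict", "options": {
    "tower_address": {"type": "str"},
    "set_password": {"type": "str", "no_log": True},
}}}

def validate(params, spec, path=""):
    """Reject keys the spec does not declare, recursing into suboptions."""
    for key, value in params.items():
        if key not in spec:
            raise ValueError(f"unsupported parameter: {path}{key}")
        sub = spec[key].get("options")
        if sub is not None and isinstance(value, dict):
            validate(value, sub, f"{path}{key}.")

def loggable(params, spec):
    """Return a copy of params with no_log values masked."""
    out = {}
    for key, value in params.items():
        rule = spec.get(key, {})
        if rule.get("no_log"):
            out[key] = MASK
        elif isinstance(value, dict) and "options" in rule:
            out[key] = loggable(value, rule["options"])
        else:
            out[key] = value
    return out

def log_line(params, spec):
    """Validate, then build the line that would reach the log."""
    validate(params, spec)
    return json.dumps({"invocation": {"module_args": loggable(params, spec)}})

# Constructed task arguments; the password is a made-up sample value.
TASK = {"name": "web-01", "tower_callback": {
    "tower_address": "tower.example.com", "set_password": "S3cr3t-sample"}}

if __name__ == "__main__":
    print("before:", log_line(TASK, SPEC_BEFORE))
    print("after: ", log_line(TASK, SPEC_AFTER))
```

Validation and masking work together here: a misspelled key such as set_pasword would never match the no_log rule, so rejecting undeclared suboptions keeps a secret from slipping past the mask.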
Related news
Ubuntu Security Notice 6846-2 - USN-6846-1 fixed vulnerabilities in ansible. The update introduced a regression in ansible. This update fixes the problem. It was discovered that Ansible incorrectly handled certain inputs when using the tower_callback parameter. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
Ubuntu Security Notice 6846-1 - It was discovered that Ansible incorrectly handled certain inputs when using the tower_callback parameter. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that Ansible incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a Template Injection.