Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-dzdx-wae5-8ydy
Vulnerability ID VCID-dzdx-wae5-8ydy
Aliases CVE-2022-3697
GHSA-cpx3-93w7-457x
Summary Ansible leaks password to logs A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-233 Improper Handling of Parameters
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 5.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3697.json
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2022-3697
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2022-3697
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2022-3697
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2022-3697
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2022-3697
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2022-3697
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2022-3697
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2022-3697
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2022-3697
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2022-3697
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2022-3697
epss 0.00228 https://api.first.org/data/v1/epss?cve=CVE-2022-3697
epss 0.00228 https://api.first.org/data/v1/epss?cve=CVE-2022-3697
epss 0.00228 https://api.first.org/data/v1/epss?cve=CVE-2022-3697
cvssv3.1 5.7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-cpx3-93w7-457x
cvssv3.1 7.5 https://github.com/ansible/ansible
generic_textual HIGH https://github.com/ansible/ansible
cvssv3.1 7.5 https://github.com/ansible/ansible/pull/35749
generic_textual HIGH https://github.com/ansible/ansible/pull/35749
cvssv3.1 7.5 https://github.com/ansible-collections/amazon.aws/pull/1199
generic_textual HIGH https://github.com/ansible-collections/amazon.aws/pull/1199
cvssv3.1 7.5 https://github.com/ansible-community/ansible-build-data/blob/main/6/CHANGELOG-v6.rst
generic_textual HIGH https://github.com/ansible-community/ansible-build-data/blob/main/6/CHANGELOG-v6.rst
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3697
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2022-3697
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3697.json
https://api.first.org/data/v1/epss?cve=CVE-2022-3697
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3697
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/ansible/ansible
https://github.com/ansible/ansible/pull/35749
https://github.com/ansible-collections/amazon.aws/pull/1199
https://github.com/ansible-community/ansible-build-data/blob/main/6/CHANGELOG-v6.rst
https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
https://nvd.nist.gov/vuln/detail/CVE-2022-3697
2137664 https://bugzilla.redhat.com/show_bug.cgi?id=2137664
GHSA-cpx3-93w7-457x https://github.com/advisories/GHSA-cpx3-93w7-457x
USN-6846-1 https://usn.ubuntu.com/6846-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3697.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/pull/35749
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible-collections/amazon.aws/pull/1199
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible-community/ansible-build-data/blob/main/6/CHANGELOG-v6.rst
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-3697
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.41008
EPSS Score 0.00191
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:04:45.006172+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-cpx3-93w7-457x/GHSA-cpx3-93w7-457x.json 38.0.0