A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.
CPE | Name | Operator | Version |
---|---|---|---|
ansible | ge | 2.5.0 | |
ansible | lt | 2.10.0 | |
ansible_collection | lt | 2.0.0 | |
ansible_collection | ge | 2.1.0 | |
ansible_collection | lt | 5.1.0 |