A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ansible | Redhat | 2.5.0 (including) | 2.10.0 (excluding) |
Ansible_collection | Redhat | * | 2.0.0 (excluding) |
Ansible_collection | Redhat | 2.1.0 (including) | 5.1.0 (excluding) |