{ "document": { "aggregate_severity": { "text": "High" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu16.04els/vex/2022/cve-2022-3697-els_os-ubuntu16_04els.json" } ], "tracking": { "current_release_date": "2026-06-13T14:43:15Z", "generator": { "date": "2026-06-13T14:43:15Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2022-3697-ELS_OS-UBUNTU16.04ELS", "initial_release_date": "2022-10-28T16:15:00Z", "revision_history": [ { "date": "2022-10-28T16:15:00Z", "number": "1", "summary": "Initial version" }, { "date": "2025-11-29T17:45:37Z", "number": "2", "summary": "Official Publication" }, { "date": "2025-12-23T22:15:38Z", "number": "3", "summary": "Update document" }, { "date": "2026-06-13T14:43:15Z", "number": "4", "summary": "Update document" } ], "status": "final", "version": "4" }, "title": "Security update on CVE-2022-3697" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Ubuntu 16.04", "product": { "name": "Ubuntu 16.04", "product_id": "Ubuntu-16", "product_identification_helper": { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" } } } ], "category": "product_family", "name": "Ubuntu" } ], "category": "vendor", "name": "Canonical Ltd." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els8.all", "product": { "name": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els8.all", "product_id": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els8.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/ansible@2.1.1.0-1~ubuntu16.04.1%2Btuxcare.els8?arch=all" } } }, { "category": "product_version", "name": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els12.all", "product": { "name": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els12.all", "product_id": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els12.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/ansible@2.1.1.0-1~ubuntu16.04.1%2Btuxcare.els12?arch=all" } } }, { "category": "product_version", "name": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els2.all", "product": { "name": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els2.all", "product_id": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els2.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/ansible@2.1.1.0-1~ubuntu16.04.1%2Btuxcare.els2?arch=all" } } }, { "category": "product_version", "name": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els11.all", "product": { "name": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els11.all", "product_id": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els11.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/ansible@2.1.1.0-1~ubuntu16.04.1%2Btuxcare.els11?arch=all" } } }, { "category": "product_version", "name": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els4.all", "product": { "name": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els4.all", "product_id": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els4.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/ansible@2.1.1.0-1~ubuntu16.04.1%2Btuxcare.els4?arch=all" } } }, { "category": "product_version", "name": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els5.all", "product": { "name": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els5.all", "product_id": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els5.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/ansible@2.1.1.0-1~ubuntu16.04.1%2Btuxcare.els5?arch=all" } } } ], "category": "architecture", "name": "all" } ], "category": "vendor", "name": "CloudLinux" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els1.all", "product": { "name": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els1.all", "product_id": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els1.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/ansible@2.1.1.0-1~ubuntu16.04.1%2Btuxcare.els1?arch=all" } } } ], "category": "architecture", "name": "all" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els8.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els8.all" }, "product_reference": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els8.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els1.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els1.all" }, "product_reference": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els1.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els12.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els12.all" }, "product_reference": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els12.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els2.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els2.all" }, "product_reference": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els2.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els11.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els11.all" }, "product_reference": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els11.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els4.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els4.all" }, "product_reference": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els4.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els5.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els5.all" }, "product_reference": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els5.all", "relates_to_product_reference": "Ubuntu-16" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-3697", "cwe": { "id": "CWE-233", "name": "Improper Handling of Parameters" }, "notes": [ { "category": "description", "text": "A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "other", "text": "TuxCare has assessed that this vulnerability does not impact any currently supported TuxCare products. This evaluation may change as new information becomes available. For additional details regarding this vulnerability and affected products, refer to the provided references.", "title": "Statement" } ], "product_status": { "known_not_affected": [ "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els1.all", "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els11.all", "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els12.all", "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els2.all", "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els4.all", "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els5.all", "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els8.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-3697" }, { "category": "external", "summary": "https://github.com/ansible-collections/amazon.aws/pull/1199", "url": "https://github.com/ansible-collections/amazon.aws/pull/1199" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html", "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html" } ], "release_date": "2022-10-28T16:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els1.all", "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els11.all", "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els12.all", "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els2.all", "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els4.all", "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els5.all", "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els8.all" ] } ], "threats": [ { "category": "impact", "details": "Important" }, { "category": "impact", "date": "2026-06-12T12:59:09.852484Z", "details": "Not affected: CVE-2022-3697 only applies to Ansible’s amazon.aws.ec2_instance module when the tower_callback parameter is used, which can cause credentials to be written to logs. The amazon.aws.ec2_instance module is not present in this environment, so the vulnerable code path does not exist or execute. Therefore, there is no exposure to this flaw.", "product_ids": [ "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els1.all", "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els11.all", "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els12.all", "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els2.all", "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els4.all", "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els5.all", "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els8.all" ] } ] } ] }