CVE-2020-10729 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-10729 PUBLISHED

A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.

EPSS 0.08% · 23.2th percentile

Risk Scores

EPSS Score

0.08%

23.2th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:16.04:LTS	ansible	0, 1.9.2+dfsg-2, 1.9.4-1
Ubuntu:Pro:18.04:LTS	ansible	0, 2.3.1.0+dfsg-2, 2.5.0+dfsg-1

Timeline

May 27, 2021 CVE Published
May 28, 2021 EPSS Score
Jun 8, 2021 EPSS Score
Jul 30, 2021 EPSS Score
Aug 8, 2021 EPSS Score
Sep 28, 2021 EPSS Score
Oct 11, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Jan 27, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 29, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2020-10729 third-party-advisory
https://github.com/ansible/ansible/issues/34144 third-party-advisory
https://github.com/ansible/ansible/pull/67429/ third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2020-10729 third-party-advisory
https://ubuntu.com/security/notices/USN-7330-1 vendor-advisory

Open in Interactive Console →