Ubuntu.comUB:CVE-2020-10729CVE-2020-10729
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
24.8%
A flaw was found in the use of insufficiently random values in Ansible. Two
random password lookups of the same length generate the equal value as the
template caching action for the same file since no re-evaluation happens.
The highest threat from this vulnerability would be that all passwords are
exposed at once for the file. This flaw affects Ansible Engine versions
before 2.9.6.
References
github.com/ansible/ansible/commit/b38603c45ed3a53574ec2080fb3a24db38ab5bc6
github.com/ansible/ansible/issues/34144
github.com/ansible/ansible/pull/67429/
launchpad.net/bugs/cve/CVE-2020-10729
nvd.nist.gov/vuln/detail/CVE-2020-10729
security-tracker.debian.org/tracker/CVE-2020-10729
www.cve.org/CVERecord?id=CVE-2020-10729
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
24.8%