A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1831089 | Issue Tracking Vendor Advisory |
https://github.com/ansible/ansible/issues/34144 | Exploit Issue Tracking Third Party Advisory |
https://www.debian.org/security/2021/dsa-4950 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2021-05-27T18:46:12
Updated: 2021-08-07T14:06:30
Reserved: 2020-03-20T00:00:00
Link: CVE-2020-10729
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-05-27T19:15:07.880
Modified: 2021-12-10T19:57:06.357
Link: CVE-2020-10729
JSON object: View
Redhat Information
No data.
CWE