First published: Mon May 04 2020(Updated: )
Ansible template caching generates identical values when consecutive facts are created from password lookup with same length. Values should be different to prevent generate same passwords for different fields which can be used for different services or configurations and avoid exposing all of them at once.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/ansible-engine | <2.9.6 | 2.9.6 |
Redhat Ansible Engine | <2.9.6 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
Debian Debian Linux | =10.0 | |
debian/ansible | 2.7.7+dfsg-1+deb10u1 2.7.7+dfsg-1+deb10u2 2.10.7+merged+base+2.10.8+dfsg-1 7.3.0+dfsg-1 7.7.0+dfsg-3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-10729 is a vulnerability in Ansible that allows for the generation of insufficiently random values, potentially leading to the exposure of sensitive information.
The severity of CVE-2020-10729 is medium, with a severity score of 5.5.
CVE-2020-10729 affects Ansible by allowing two random password lookups of the same length to generate equal values, potentially exposing all passwords due to template caching.
The affected software versions include Ansible 2.9.6, Redhat Ansible Engine up to version 2.9.6, and Debian Debian Linux 10.0 with specific package versions.
To fix CVE-2020-10729, it is recommended to update to the latest patched version of Ansible or apply the specific remedy provided by the vendor.