What is CVE-2020-10729?

CVE-2020-10729 is a vulnerability in Ansible that allows for the generation of insufficiently random values, potentially leading to the exposure of sensitive information.

What is the severity of CVE-2020-10729?

The severity of CVE-2020-10729 is medium, with a severity score of 5.5.

How does CVE-2020-10729 affect Ansible?

CVE-2020-10729 affects Ansible by allowing two random password lookups of the same length to generate equal values, potentially exposing all passwords due to template caching.

Which software versions are affected by CVE-2020-10729?

The affected software versions include Ansible 2.9.6, Redhat Ansible Engine up to version 2.9.6, and Debian Debian Linux 10.0 with specific package versions.

How can I fix CVE-2020-10729?

To fix CVE-2020-10729, it is recommended to update to the latest patched version of Ansible or apply the specific remedy provided by the vendor.

Vulnerability/
CVE-2020-10729

medium

5.5

CWE

330

4/5/2020

27/5/2021

10/12/2021

CVE-2020-10729

First published: Mon May 04 2020(Updated: )

Ansible template caching generates identical values when consecutive facts are created from password lookup with same length. Values should be different to prevent generate same passwords for different fields which can be used for different services or configurations and avoid exposing all of them at once.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/ansible-engine	<2.9.6	2.9.6
Redhat Ansible Engine	<2.9.6
Redhat Enterprise Linux	=7.0
Redhat Enterprise Linux	=8.0
Debian Debian Linux	=10.0
debian/ansible		2.7.7+dfsg-1+deb10u1 2.7.7+dfsg-1+deb10u2 2.10.7+merged+base+2.10.8+dfsg-1 7.3.0+dfsg-1 7.7.0+dfsg-3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-10729?
CVE-2020-10729 is a vulnerability in Ansible that allows for the generation of insufficiently random values, potentially leading to the exposure of sensitive information.
What is the severity of CVE-2020-10729?
The severity of CVE-2020-10729 is medium, with a severity score of 5.5.
How does CVE-2020-10729 affect Ansible?
CVE-2020-10729 affects Ansible by allowing two random password lookups of the same length to generate equal values, potentially exposing all passwords due to template caching.
Which software versions are affected by CVE-2020-10729?
The affected software versions include Ansible 2.9.6, Redhat Ansible Engine up to version 2.9.6, and Debian Debian Linux 10.0 with specific package versions.
How can I fix CVE-2020-10729?
To fix CVE-2020-10729, it is recommended to update to the latest patched version of Ansible or apply the specific remedy provided by the vendor.

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/nvd-index
collector/redhat-bugzilla
alias/CVE-2020-10729
collector/security-tracker-debian
vendor/redhat
canonical/redhat ansible engine
canonical/redhat enterprise linux
version/redhat enterprise linux/7.0
version/redhat enterprise linux/8.0
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0
package-manager/redhat
package-manager/debian

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.