CVE-2020-10729 vulnerability in Red Hat and Other Products
Published on May 27, 2021

A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.

Vendor Advisory NVD

Weakness Type

Use of Insufficiently Random Values

The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that will be generated, and use this guess to impersonate another user or access sensitive information.

Products Associated with CVE-2020-10729

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-10729 are published in these products:

Red Hat Ansible Engine

Debian Linux

Canonical Ubuntu Linux

Exploit Probability

EPSS

0.08%

Percentile

23.25%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-10729 vulnerability in Red Hat and Other ProductsPublished on May 27, 2021

Weakness Type

Use of Insufficiently Random Values

Products Associated with CVE-2020-10729

Exploit Probability

CVE-2020-10729 vulnerability in Red Hat and Other Products
Published on May 27, 2021