CVE-2020-10729

Published: 27 May 2021
Source: debian

Description

A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.

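Packages

| Package | Status | Fixed version | Release | Type |
|---------|--------|---------------|---------|------|
| ansible | fixed | 2.9.6+dfsg-1 | | package |
| ansible | end-of-life | | stretch | package |
| ansible | not-affected | | jessie | package |

Notes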

  • https://github.com/ansible/ansible/issues/34144

  • https://github.com/ansible/ansible/pull/67429/

  • https://github.com/ansible/ansible/commit/b38603c45ed3a53574ec2080fb3a24db38ab5bc6

  • Introduced in https://github.com/ansible/ansible/commit/87a9485b2f5a3188460f0a0219d2e0d990ce4e67 (2.0)

Related vulnerabilities

CVSS3: 5.5
ubuntu
more than 4 years ago

A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.

CVSS3: 5
redhat
about 8 years ago

A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.

CVSS3: 5.5
nvd
more than 4 years ago

A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.

CVSS3: 5
github
more than 4 years ago

Insufficiently random values in Ansible

CVSS3: 5.5
fstec
more than 4 years ago

A vulnerability in the Ansible configuration management system, related to the use of insufficiently random values, that allows an attacker to gain access to confidential data