← voltar
CVE-2020-10729

CVE-2020-10729

EPSS 0.4%CWE-330
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
27 mai 2021Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.
Produtos afetados
n/a · Ansible

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://bugzilla.redhat.com/show_bug.cgi?id=1831089https://github.com/ansible/ansible/issues/34144https://www.debian.org/security/2021/dsa-4950