What is CVE-2020-10729?

CVE-2020-10729 is a vulnerability in Ansible, classified under Use of Insufficiently Random Values. Published 2021-05-27.

Is CVE-2020-10729 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Ansible

CVE-2020-10729

A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest th…

EPSS: 0.001 (20.1th percentile) — read the EPSS interpretation.

Affected products

N/a Ansible — versions ansible-engine 2.9.6

Weakness classification (CWE)

CWE-330 — Use of Insufficiently Random Values

Public proof-of-concept exploits

n0-traces/cve_

References

bugzilla.redhat.com/show_bug.cgi (x_refsource_MISC)
github.com/ansible/ansible/issues/34144 (x_refsource_MISC)
DSA-4950 (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2020-10729?: CVE-2020-10729 is a vulnerability in Ansible, classified under Use of Insufficiently Random Values. Published 2021-05-27.
Is CVE-2020-10729 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.