Candidate: CVE-2020-10729
PublicDate: 2021-05-27 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729
 https://github.com/ansible/ansible/issues/34144
 https://github.com/ansible/ansible/pull/67429/
 https://github.com/ansible/ansible/commit/b38603c45ed3a53574ec2080fb3a24db38ab5bc6
Description:
 A flaw was found in the use of insufficiently random values in Ansible.
 Two random password lookups of the same length generate the equal value
 as the template caching action for the same file since no re-evaluation
 happens. The highest threat from this vulnerability would be that all
 passwords are exposed at once for the file. This flaw affects Ansible
 Engine versions before 2.9.6.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N [5.5 MEDIUM]

Patches_ansible:
upstream_ansible: released (2.9.6+dfsg-1)
precise/esm_ansible: DNE
trusty_ansible: ignored (out of standard support)
trusty/esm_ansible: needs-triage
xenial_ansible: ignored (end of standard support, was needs-triage)
bionic_ansible: needs-triage
eoan_ansible: ignored (reached end-of-life)
focal_ansible: not-affected (2.9.6+dfsg-1)
groovy_ansible: not-affected
hirsute_ansible: not-affected
impish_ansible: not-affected
jammy_ansible: not-affected
devel_ansible: not-affected