CVE-2020-14019

Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.

Link	Resource
https://github.com/open-iscsi/rtslib-fb/pull/162	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNMCV2DJJTX345YYBXAMJBXNNVUZQ5UH/
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00012.html

Configuration 1

cpe:2.3:a:rtslib-fb_project:rtslib-fb:*:*:*:*:*:*:*:*

---

Published : 2020-06-19 11:15

Updated : 2020-08-07 12:15

---

NVD link : CVE-2020-14019

Mitre link : CVE-2020-14019

No products.

CWE-276

Incorrect Default Permissions