CVE-2020-14019
HIGHrtslib-fb < 2.1.72 - Incorrect Default Permissions in saveconfig.json
Title source: llmDescription
Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
https://github.com/open-iscsi/rtslib-fb/pull/162
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNMCV2DJJTX345YYBXAMJBXNNVUZQ5UH/
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00012.html
Scores
CVSS v3
7.8
EPSS
0.0034
EPSS Percentile
25.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-276
Status
published
Products (2)
pypi/rtslib-fb
0 - 2.1.73PyPI
rtslib-fb_project/rtslib-fb
< 2.1.72
Published
Jun 19, 2020
Tracked Since
Feb 18, 2026