CVE-2020-14019

Опубликовано: 19 июн. 2020

Источник: debian

Описание

Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
python-rtslib-fb	fixed	2.1.71-3		package
python-rtslib-fb	not-affected		buster	package
python-rtslib-fb	not-affected		stretch	package
python-rtslib-fb	not-affected		jessie	package

Примечания

https://github.com/open-iscsi/rtslib-fb/pull/162
https://github.com/open-iscsi/rtslib-fb/commit/75e73778dce1cb7a2816a936240ef75adfbd6ed9

Связанные уязвимости

CVE-2020-14019

CVSS3: 7.8

ubuntu

больше 5 лет назад

Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.

CVE-2020-14019

CVSS3: 6.6

redhat

больше 5 лет назад

Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.

CVE-2020-14019

CVSS3: 7.8

nvd

больше 5 лет назад

Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.

openSUSE-SU-2020:1156-1

suse-cvrf

больше 5 лет назад

Security update for python-rtslib-fb

SUSE-SU-2020:2109-1

suse-cvrf

больше 5 лет назад

Security update for python-rtslib-fb