Description
Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files).
An access flaw was found in targetcli, where /etc/target and the backup directory and files beneath it were world-readable. This flaw allows a local attacker to access potentially sensitive information, such as authentication credentials, from /etc/target/saveconfig.json and the backup files. The highest threat from this vulnerability is to confidentiality.
Report
The version of targetcli shipped with Red Hat Ceph Storage 3 sets world-readable permissions on the /etc/target and /etc/target/backup directories, which store the sensitive information, and is therefore affected by this vulnerability.
Mitigation
$ chmod -R og-rwx /etc/target

Future backup files will still be created with incorrect permissions, but attackers will not be able to access the target directory.
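The mitigation above as a repeatable check, added here as an example (not code from the advisory or from the targetcli project): it lists entries still accessible to group or other, applies the chmod, and verifies the result. The function names are hypothetical, and GNU find is assumed for the `-perm /077` test.

```shell
#!/bin/sh
# Added example: audit and tighten the targetcli configuration tree.
# The directory defaults to /etc/target, the path named in the advisory.

# Print every entry under $1 (including $1 itself) that grants any
# permission bit to group or other. Symlinks are skipped because their
# own mode bits are always rwxrwxrwx and carry no meaning.
audit_target_perms() {
    dir=${1:-/etc/target}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    find "$dir" ! -type l -perm /077 -print
}

# Apply the advisory's chmod, then re-audit. Returns 0 only when nothing
# under the tree is still accessible to group or other.
harden_target_perms() {
    dir=${1:-/etc/target}
    chmod -R og-rwx "$dir" || return 1
    left=$(audit_target_perms "$dir") || return 2
    [ -z "$left" ]
}

# Typical use as root:
#   audit_target_perms /etc/target     # what is exposed right now
#   harden_target_perms /etc/target    # fix and verify
```

Re-running `audit_target_perms` after later saves shows any newly written backup files that were again created with loose modes; they stay behind the restricted parent directory, as the mitigation text notes.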
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | targetcli | Out of support scope | | |
| Red Hat Ceph Storage 3 | targetcli | Affected | | |
| Red Hat Enterprise Linux 7 | targetcli | Fixed | RHSA-2020:5434 | 15.12.2020 |
| Red Hat Enterprise Linux 8 | targetcli | Fixed | RHSA-2020:4697 | 04.11.2020 |
Additional information
Status:
5.5 Medium
CVSS3