CVE-2020-14019

Incorrect Default Permissions in pypi/rtslib-fb

Identifiers

CVE-2020-14019

Package Slug

pypi/rtslib-fb

Vulnerability

Incorrect Default Permissions

Description

Open-iSCSI rtslib-fb has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.

Affected Versions

All versions up to 2.1.72

Solution

Upgrade to version 2.1.73 or above.

Last Modified

2020-06-25

source