CVE-2020-14019: Incorrect Default Permissions
(updated )
Open-iSCSI rtslib-fb has weak permissions for /etc/target/saveconfig.json
because shutil.copyfile
(instead of shutil.copy
) is used, and thus permissions are not preserved.
References
Detect and mitigate CVE-2020-14019 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →