MGASA-2020-0326

Source
https://advisories.mageia.org/MGASA-2020-0326.html
Import Source
https://advisories.mageia.org/MGASA-2020-0326.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2020-0326
Related
Published
2020-08-18T17:41:27Z
Modified
2020-08-18T16:51:10Z
Summary
Updated targetcli packages fix security vulnerability
Details

An access flaw was found in targetcli, where the /etc/target and underneath backup directory/files were world-readable. This flaw allows a local attacker to access potentially sensitive information such as authentication credentials from the /etc/target/saveconfig.json and backup files. The highest threat from this vulnerability is to confidentiality (CVE-2020-13867).

References
Credits

Affected packages

Mageia:7 / targetcli

Package

Name
targetcli
Purl
pkg:rpm/mageia/targetcli?arch=source&distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.53-1.mga7

Ecosystem specific

{
    "section": "core"
}