PYSEC-2020-250

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/rtslib-fb/PYSEC-2020-250.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2020-250

Aliases

CVE-2020-14019
GHSA-cpcw-p965-wpqx

Published

2020-06-19T11:15:00Z

Modified

2023-11-08T04:02:25.004540Z

Summary

[none]

Details

Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.

References

https://github.com/open-iscsi/rtslib-fb/pull/162
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNMCV2DJJTX345YYBXAMJBXNNVUZQ5UH/
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00012.html

Affected packages

PyPI / rtslib-fb

Package

Name: rtslib-fb; View open source insights on deps.dev
Purl: pkg:pypi/rtslib-fb

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.73

Affected versions

2.*

2.1.31

2.1.32

2.1.35

2.1.36

2.1.37

2.1.38

2.1.39

2.1.40

2.1.43

2.1.47

2.1.49

2.1.51

2.1.56

2.1.57

2.1.58

2.1.61

2.1.62

2.1.63

2.1.64

2.1.65

2.1.66

2.1.69

2.1.71

2.1.72