High severityNVD Advisory· Published Jun 19, 2020· Updated Aug 4, 2024
CVE-2020-14019
CVE-2020-14019
Description
Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
rtslib-fbPyPI | < 2.1.73 | 2.1.73 |
Affected products
5- Open-iSCSI/rtslib-fbdescription
- ghsa-coords4 versionspkg:pypi/rtslib-fbpkg:rpm/opensuse/python-rtslib-fb&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/python-rtslib-fb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/python-rtslib-fb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP2
< 2.1.73+ 3 more
- (no CPE)range: < 2.1.73
- (no CPE)range: < 2.1.73-lp152.2.3.1
- (no CPE)range: < 2.1.73-3.3.1
- (no CPE)range: < 2.1.73-3.3.1
Patches
Vulnerability mechanics
References
8- lists.opensuse.org/opensuse-security-announce/2020-08/msg00012.htmlghsavendor-advisoryx_refsource_SUSEWEB
- github.com/advisories/GHSA-cpcw-p965-wpqxghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNMCV2DJJTX345YYBXAMJBXNNVUZQ5UH/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2020-14019ghsaADVISORY
- github.com/open-iscsi/rtslib-fb/commit/b23d061ee0fa7924d2cdce6194c313b9ee06c468ghsaWEB
- github.com/open-iscsi/rtslib-fb/pull/162ghsax_refsource_MISCWEB
- github.com/pypa/advisory-database/tree/main/vulns/rtslib-fb/PYSEC-2020-250.yamlghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNMCV2DJJTX345YYBXAMJBXNNVUZQ5UHghsaWEB
News mentions
0No linked articles in our index yet.