A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root.
CVSS v2
Base Score: 7.2
Impact Score: 10
Exploitability Score: 3.9

CVSS v3
Base Score: 7.8
Impact Score: 5.9
Exploitability Score: 1.8
| Plugin ID | Name | Product | Family |
|---|---|---|---|
| 145856 | CentOS 8 : targetcli (CESA-2020:1933) | Nessus | CentOS Local Security Checks |
| 140070 | GLSA-202008-22 : targetcli-fb: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks |
| 136445 | Oracle Linux 8 : targetcli (ELSA-2020-1933) | Nessus | Oracle Linux Local Security Checks |
| 136065 | RHEL 8 : targetcli (RHSA-2020:1933) | Nessus | Red Hat Local Security Checks |