Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files).
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00005.html
Source: MITRE
Published: 2020-06-05
Updated: 2020-08-30
Type: CWE-276
CVSS v2
Base Score: 2.1
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 3.9
Severity: LOW
CVSS v3.1
Base Score: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 1.8
Severity: MEDIUM
cpe:2.3:a:targetcli-fb_project:targetcli-fb:*:*:*:*:*:*:*:* versions up to 2.1.52 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
145864 | CentOS 8 : targetcli (CESA-2020:4697) | Nessus | CentOS Local Security Checks | low |
145455 | Amazon Linux 2 : targetcli (ALAS-2021-1591) | Nessus | Amazon Linux Local Security Checks | low |
144414 | RHEL 7 : targetcli (RHSA-2020:5434) | Nessus | Red Hat Local Security Checks | low |
144329 | Oracle Linux 7 : targetcli (ELSA-2020-5434) | Nessus | Oracle Linux Local Security Checks | low |
144292 | Scientific Linux Security Update : targetcli on SL7.x (noarch) (2020:5434) | Nessus | Scientific Linux Local Security Checks | low |
143081 | RHEL 8 : targetcli (RHSA-2020:4697) | Nessus | Red Hat Local Security Checks | low |
142781 | Oracle Linux 8 : targetcli (ELSA-2020-4697) | Nessus | Oracle Linux Local Security Checks | low |
140070 | GLSA-202008-22 : targetcli-fb: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
139306 | openSUSE Security Update : targetcli-fb (openSUSE-2020-1144) | Nessus | SuSE Local Security Checks | low |
139304 | openSUSE Security Update : targetcli-fb (openSUSE-2020-1141) | Nessus | SuSE Local Security Checks | low |
138826 | Fedora 32 : targetcli (2020-83d2616f81) | Nessus | Fedora Local Security Checks | low |