RedHat targetcli CVE-2020-13867 Permission Bypass Vulnerability
Description
The targetcli package contains an administration shell for configuring Internet Small Computer System Interface (iSCSI), Fibre Channel over Ethernet (FCoE), and other SCSI targets, using the Target Core Mod/Linux-IO (TCM/LIO) kernel target subsystem. FCoE users also need to install and use the fcoe-utils package. The following packages have been upgraded to a later upstream version: targetcli (2.1.53). (BZ#1853645) Security Fix(es): targetcli: weak permissions for /etc/target and backup files (CVE-2020-13867) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Applications
targetcli