Advisories » MGASA-2020-0326

Updated targetcli packages fix security vulnerability

Publication date: 18 Aug 2020
Modification date: 18 Aug 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-13867

Description

An access flaw was found in targetcli, where the /etc/target and underneath
backup directory/files were world-readable. This flaw allows a local attacker
to access potentially sensitive information such as authentication credentials
from the /etc/target/saveconfig.json and backup files. The highest threat from
this vulnerability is to confidentiality (CVE-2020-13867).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=27041
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6LANBGRCCZBPKKBD5ZMJS7C7DYAHYR6B/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13867

SRPMS

7/core

• targetcli-2.1.53-1.mga7