ALAS2-2021-1589 --- python-rtslibID: oval:org.secpod.oval:def:1700546 | Date: (C)2021-01-28 (M)2023-11-13 |
Class: PATCH | Family: unix |
A flaw was found in Open-iSCSI rtslib-fb through versions 2.1.72, where it has weak permissions for /etc/target/saveconfig.json because the shutil.copyfile, instead of shutil.copy is used, and permissions are not preserved upon editing. This flaw allows an attacker with prior access to /etc/target/saveconfig.json to access a later version, resulting in a loss of integrity, depending on their permission settings. The highest threat from this vulnerability is to confidentiality