
CVE-2020-13867 – targetcli: weak permissions for /etc/target and backup files
https://notcve.org/view.php?id=CVE-2020-13867
05 Jun 2020 — Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files). An access flaw was found in targetcli, where `/etc/target` and the backup directory and files underneath it were world-readable. This flaw allows a local attacker to access potentially sensitive information such as authentication credentials... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00003.html • CWE-276: Incorrect Default Permissions

CVE-2020-10699 – targetcli: world writable /var/run/targetclid.sock allows unprivileged user to execute commands
https://notcve.org/view.php?id=CVE-2020-10699
15 Apr 2020 — A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51, where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10699 • CWE-732: Incorrect Permission Assignment for Critical Resource