logo
DATABASE RESOURCES PRICING ABOUT US

NewStart CGSL CORE 5.05 / MAIN 5.05 : python-rtslib Vulnerability (NS-SA-2021-0185)

Description

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python-rtslib packages installed that are affected by a vulnerability: - Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved. (CVE-2020-14019) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Related