The vulnerability of the rtslib-fb library is related to incorrect default access rights settings, which allow attackers to execute arbitrary code.

The vulnerability in the /etc/target/saveconfig.json file of the rtslib-fb library is related to incorrect default access permissions settings. Exploiting this vulnerability could allow an attacker to execute arbitrary code by sending specially crafted data to the application...

AZL-44778 CVE-2020-14019 affecting package python-rtslib 2.1.fb69-9

Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile instead of shutil.copy is used, and thus permissions are not preserved...