Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files). Reference and upstream commit: https://github.com/open-iscsi/targetcli-fb/pull/172
Created targetcli tracking bugs for this issue: Affects: fedora-all [bug 1848144]
Statement: The version of targetcli shipped with Red Hat Ceph Storage 3 sets world-readable permissions on the `/etc/target` and `/etc/target/backup` directories, which store sensitive information, and is therefore affected by this vulnerability.
Mitigation:
$ chmod -R og-rwx /etc/target
Future backup files will still be created with incorrect permissions, but attackers will not be able to access the target directory.
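A check for the state the mitigation leaves behind, as an added example that is not part of the original bug report or of targetcli: it reports whether a config tree is still open at the top, closed at the top but holding newly written files with weak modes, or fully closed. The function names and the four result strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not targetcli code): audit a targetcli config tree such as
# /etc/target for access granted to group or other.

# Print every path under $1 that grants any permission bit to group or other.
weak_paths() {
    find "$1" -perm /077 -print 2>/dev/null
}

# Succeed only if the top-level directory itself denies group and other.
# The mitigation relies on this to shield whatever is written below it later.
top_dir_closed() {
    [ -z "$(find "$1" -maxdepth 0 -perm /077 -print 2>/dev/null)" ]
}

# Print one of:
#   missing  - the directory does not exist
#   exposed  - the top-level directory is accessible to group or other
#   shielded - top level is closed, but paths below it still carry weak
#              modes (for example backups written after the chmod)
#   clean    - nothing in the tree grants access to group or other
audit_target() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "missing"
        return 0
    fi
    weak=$(weak_paths "$dir" | wc -l)
    if ! top_dir_closed "$dir"; then
        echo "exposed"
    elif [ "$weak" -gt 0 ]; then
        echo "shielded"
    else
        echo "clean"
    fi
}

# Usage: sh audit.sh /etc/target
if [ "$#" -gt 0 ]; then
    audit_target "$1"
fi
```

A "shielded" result means the directory mode is doing the protecting, so re-running the chmod after each backup, or installing the fixed package, is what brings the tree back to "clean".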
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-13867
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4697 https://access.redhat.com/errata/RHSA-2020:4697
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:5434 https://access.redhat.com/errata/RHSA-2020:5434