1850077 – targetcli: weak permissions config files

Bug 1850077 - targetcli: weak permissions config files

Summary: targetcli: weak permissions config files

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Gluster Storage
Classification:	Red Hat Storage
Component:	gluster-block
Sub Component:
Version:	ocs-3.11
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	OCS 3.11.z Async
Assignee:	Prasanna Kumar Kalever
QA Contact:	Sayalee
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1877227
TreeView+	depends on / blocked

Reported:	2020-06-23 13:54 UTC by Prasanna Kumar Kalever
Modified:	2020-09-30 15:17 UTC (History)
CC List:	8 users (show)
Fixed In Version:	gluster-block-0.2.1-36.1.el7rhgs
Doc Type:	Bug Fix
Doc Text:	An access flaw CVE-2020-13867 was found in targetcli due to which the files under ‘/etc/target’ and '/etc/target/backup' directory were widely accessible. With this release, the access flaw is fixed as a workaround in gluster-block to protect these files from any potential attacks for accessing sensitive information, at least until the flaw is resolved and made available in targetcli.
Clone Of:
Clones:	1877227 (view as bug list)
Environment:
Last Closed:	2020-09-30 15:17:24 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2020:4143	0	None	None	None	2020-09-30 15:17:48 UTC

Comment 13 errata-xmlrpc 2020-09-30 15:17:24 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OCS 3.11.z async security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:4143

Note You need to log in before you can comment on or make changes to this bug.