Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-wcjb-xc6g-g7d4

Summary Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.

Aliases

alias	CVE-2020-14019

alias	PYSEC-2020-250

Fixed_packages

url	pkg:pypi/rtslib-fb@2.1.73
purl	pkg:pypi/rtslib-fb@2.1.73
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.73

Affected_packages

url pkg:pypi/rtslib-fb@2.1.31

purl pkg:pypi/rtslib-fb@2.1.31

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcjb-xc6g-g7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.31

url pkg:pypi/rtslib-fb@2.1.32

purl pkg:pypi/rtslib-fb@2.1.32

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcjb-xc6g-g7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.32

url pkg:pypi/rtslib-fb@2.1.35

purl pkg:pypi/rtslib-fb@2.1.35

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcjb-xc6g-g7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.35

url pkg:pypi/rtslib-fb@2.1.36

purl pkg:pypi/rtslib-fb@2.1.36

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcjb-xc6g-g7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.36

url pkg:pypi/rtslib-fb@2.1.37

purl pkg:pypi/rtslib-fb@2.1.37

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcjb-xc6g-g7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.37

url pkg:pypi/rtslib-fb@2.1.38

purl pkg:pypi/rtslib-fb@2.1.38

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcjb-xc6g-g7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.38

url pkg:pypi/rtslib-fb@2.1.39

purl pkg:pypi/rtslib-fb@2.1.39

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcjb-xc6g-g7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.39

url pkg:pypi/rtslib-fb@2.1.40

purl pkg:pypi/rtslib-fb@2.1.40

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcjb-xc6g-g7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.40

url pkg:pypi/rtslib-fb@2.1.43

purl pkg:pypi/rtslib-fb@2.1.43

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcjb-xc6g-g7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.43

url pkg:pypi/rtslib-fb@2.1.47

purl pkg:pypi/rtslib-fb@2.1.47

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcjb-xc6g-g7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.47

url pkg:pypi/rtslib-fb@2.1.49

purl pkg:pypi/rtslib-fb@2.1.49

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcjb-xc6g-g7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.49

url pkg:pypi/rtslib-fb@2.1.51

purl pkg:pypi/rtslib-fb@2.1.51

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcjb-xc6g-g7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.51

url pkg:pypi/rtslib-fb@2.1.56

purl pkg:pypi/rtslib-fb@2.1.56

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcjb-xc6g-g7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.56

url pkg:pypi/rtslib-fb@2.1.57

purl pkg:pypi/rtslib-fb@2.1.57

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcjb-xc6g-g7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.57

url pkg:pypi/rtslib-fb@2.1.58

purl pkg:pypi/rtslib-fb@2.1.58

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcjb-xc6g-g7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.58

url pkg:pypi/rtslib-fb@2.1.61

purl pkg:pypi/rtslib-fb@2.1.61

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcjb-xc6g-g7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.61

url pkg:pypi/rtslib-fb@2.1.62

purl pkg:pypi/rtslib-fb@2.1.62

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcjb-xc6g-g7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.62

url pkg:pypi/rtslib-fb@2.1.63

purl pkg:pypi/rtslib-fb@2.1.63

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcjb-xc6g-g7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.63

url pkg:pypi/rtslib-fb@2.1.64

purl pkg:pypi/rtslib-fb@2.1.64

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcjb-xc6g-g7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.64

url pkg:pypi/rtslib-fb@2.1.65

purl pkg:pypi/rtslib-fb@2.1.65

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcjb-xc6g-g7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.65

url pkg:pypi/rtslib-fb@2.1.66

purl pkg:pypi/rtslib-fb@2.1.66

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcjb-xc6g-g7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.66

url pkg:pypi/rtslib-fb@2.1.69

purl pkg:pypi/rtslib-fb@2.1.69

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcjb-xc6g-g7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.69

url pkg:pypi/rtslib-fb@2.1.71

purl pkg:pypi/rtslib-fb@2.1.71

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcjb-xc6g-g7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.71

url pkg:pypi/rtslib-fb@2.1.72

purl pkg:pypi/rtslib-fb@2.1.72

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcjb-xc6g-g7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.72

References

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00012.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00012.html

reference_url	https://github.com/open-iscsi/rtslib-fb/pull/162
reference_id
reference_type
scores
url	https://github.com/open-iscsi/rtslib-fb/pull/162

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNMCV2DJJTX345YYBXAMJBXNNVUZQ5UH/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNMCV2DJJTX345YYBXAMJBXNNVUZQ5UH/

Weaknesses

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wcjb-xc6g-g7d4

Vulnerability Instance