Amazon Linux 2 Security Advisory: ALAS-2021-1591
Advisory Release Date: 2021-01-25 23:09 Pacific
Advisory Updated Date: 2021-01-26 18:45 Pacific
Severity:
Medium
Issue Overview:
An access flaw was found in targetcli, where the `/etc/target` and underneath backup directory/files were world-readable. This flaw allows a local attacker to access potentially sensitive information such as authentication credentials from the /etc/target/saveconfig.json and backup files. The highest threat from this vulnerability is to confidentiality. (CVE-2020-13867)
Affected Packages:
targetcli
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update targetcli to update your system.
New Packages:
noarch:
targetcli-2.1.53-1.amzn2.noarch
src:
targetcli-2.1.53-1.amzn2.src