Launchpad CVE tracker

CVE 2020-10699

A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root.

Related bugs and status

CVE-2020-10699 (Candidate) is related to these bugs:

Bug #1854362: [MIR] ceph-iscsi, tcmu, python-configshell-fb, python-rtslib-fb, urwid, targetcli-fb

		In	Importance	Status
1854362	[MIR] ceph-iscsi, tcmu, python-configshell-fb, python-rtslib-fb, urwid, targetcli-fb	ceph-iscsi (Ubuntu)	Undecided	In Progress
1854362	[MIR] ceph-iscsi, tcmu, python-configshell-fb, python-rtslib-fb, urwid, targetcli-fb	python-rtslib-fb (Ubuntu)	Undecided	Fix Released
1854362	[MIR] ceph-iscsi, tcmu, python-configshell-fb, python-rtslib-fb, urwid, targetcli-fb	tcmu (Ubuntu)	Undecided	Invalid
1854362	[MIR] ceph-iscsi, tcmu, python-configshell-fb, python-rtslib-fb, urwid, targetcli-fb	python-configshell-fb (Ubuntu)	Undecided	Fix Released
1854362	[MIR] ceph-iscsi, tcmu, python-configshell-fb, python-rtslib-fb, urwid, targetcli-fb	urwid (Ubuntu)	Undecided	Fix Released
1854362	[MIR] ceph-iscsi, tcmu, python-configshell-fb, python-rtslib-fb, urwid, targetcli-fb	targetcli-fb (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2020-10699

References