Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.
Related bugs and status
CVE-2020-14019 (Candidate)
is related to these bugs: