CVE-2020-27839

Severity CVSS v4.0:
Pending analysis
Type:
CWE-522 Insufficiently Protected Credentials
Publication date:
26/05/2021
Last modified:
03/06/2021

Description

A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:redhat:ceph:*:*:*:*:*:*:*:* 14.2.17 (excluding)
cpe:2.3:a:redhat:ceph:*:*:*:*:*:*:*:* 15.2.0 (including) 15.2.9 (excluding)


References to Advisories, Solutions, and Tools