CVE-2020-27839
Severity CVSS v4.0:
Pending analysis
Type:
CWE-522
Insufficiently Protected Credentials
Publication date:
26/05/2021
Last modified:
03/06/2021
Description
A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
Impact
Base Score 3.x
5.40
Severity 3.x
MEDIUM
Base Score 2.0
3.50
Severity 2.0
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:redhat:ceph:*:*:*:*:*:*:*:* | 14.2.17 (excluding) | |
cpe:2.3:a:redhat:ceph:*:*:*:*:*:*:*:* | 15.2.0 (including) | 15.2.9 (excluding) |
To consult the complete list of CPE names with products and versions, see this page