CVE-2020-27839
Summary
| CVE | CVE-2020-27839 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-05-26 22:15:00 UTC |
| Updated | 2021-06-03 18:37:00 UTC |
| Description | A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity. |
Risk And Classification
Problem Types: CWE-522
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 1901330 – (CVE-2020-27839) CVE-2020-27839 ceph-dashboard: Don't use Browser's LocalStorage for storing JWT but Secure Cookies with proper HTTP Headers | MISC | bugzilla.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 174881 SUSE Enterprise Linux Security Update for ceph (SUSE-SU-2021:1108-1)
- 174975 SUSE Enterprise Linux Security Update for ceph (SUSE-SU-2021:1473-1)
- 198423 Ubuntu Security Notification for Ceph vulnerabilities (USN-4998-1)
- 239428 Red Hat Update for Red Hat Ceph Storage 4.2 (RHSA-2021:2445)
- 281589 Fedora Security Update for ceph (FEDORA-2021-93ff9e9103)
- 750271 OpenSUSE Security Update for ceph (openSUSE-SU-2021:0544-1)