CVE-2020-27839

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-27839
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27839.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-27839
Related
Published
2021-05-26T22:15:07Z
Modified
2024-09-18T03:11:54.541841Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

References

Affected packages

Debian:11 / ceph

Package

Name
ceph
Purl
pkg:deb/debian/ceph?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.2.18-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ceph

Package

Name
ceph
Purl
pkg:deb/debian/ceph?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.2.18-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ceph

Package

Name
ceph
Purl
pkg:deb/debian/ceph?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.2.18-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/ceph/ceph

Affected ranges

Type
GIT
Repo
https://github.com/ceph/ceph
Events

Affected versions

v15.*

v15.2.0
v15.2.1
v15.2.2
v15.2.3
v15.2.4
v15.2.5
v15.2.6
v15.2.7
v15.2.8