CVE-2020-27839

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-27839
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27839.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-27839
Downstream
Related
Published
2021-05-26T22:15:07.863Z
Modified
2026-02-04T21:34:38.427915Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

References

Affected packages

Git / github.com/ceph/ceph

Affected ranges

Type
GIT
Repo
https://github.com/ceph/ceph
Events
Fixed
2e95b5d99e0dec516803c8a1b57fbd2c8f45fd63
Introduced
dc6a0b5c3cbf6a5e1d6d4f20b5ad466d76b96247
Fixed
357616cbf726abb779ca75a551e8d02568e15b17

Affected versions

v15.*
v15.2.0
v15.2.1
v15.2.2
v15.2.3
v15.2.4
v15.2.5
v15.2.6
v15.2.7
v15.2.8

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27839.json"