CVE-2020-27839

MEDIUM

Redhat Ceph < 14.2.17 - Insufficiently Protected Credentials

Title source: rule

Description

A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

References (1)

[Issue Tracking, Vendor Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1901330

Scores

CVSS v3 5.4

EPSS 0.0034

EPSS Percentile 56.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-522

Status published

Affected Products (1)

redhat/ceph < 14.2.17

Timeline

Published May 26, 2021

Tracked Since Feb 18, 2026