CVE-2020-27839
MEDIUMceph < 14.2.17 - Insufficiently Protected Credentials via JWT Storage in localStorage
Title source: llmDescription
A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
References (1)
Core 1
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1901330
Scores
CVSS v3
5.4
EPSS
0.0034
EPSS Percentile
56.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-522
Status
published
Products (1)
redhat/ceph
< 14.2.17
Published
May 26, 2021
Tracked Since
Feb 18, 2026