CVE-2020-27839: XSS
First published: Tue Nov 24 2020(Updated: )
A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ceph-dashboard | <14.2.17 | 14.2.17 |
| redhat/ceph-dashboard | <15.2.9 | 15.2.9 |
| Redhat Ceph | <14.2.17 | |
| Redhat Ceph | >=15.2.0<15.2.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-27839?
CVE-2020-27839 is a vulnerability in ceph-dashboard that allows attackers to potentially access user authentication data via XSS attacks.
What is the severity of CVE-2020-27839?
The severity of CVE-2020-27839 is medium (5.4).
How does CVE-2020-27839 affect data confidentiality?
CVE-2020-27839 poses a threat to data confidentiality.
How can I fix CVE-2020-27839?
To fix CVE-2020-27839, upgrade to ceph-dashboard version 14.2.17 or 15.2.9, depending on your current version.
What is the Common Weakness Enumeration (CWE) ID for CVE-2020-27839?
The Common Weakness Enumeration (CWE) ID for CVE-2020-27839 is 79 and 522.
- collector/nvd-index
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-27839
- agent/software-canonical-lookup
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/redhat
- canonical/redhat ceph
- version/redhat ceph/15.2.0
- package-manager/redhat