VDB

CVE-2020-27839

CVE-2020-27839 PUBLISHED

A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

EPSS 0.24% · 47.2th percentile

Risk Scores

EPSS Score
0.24%
47.2th percentile

Affected Products

VendorProductVersions
Ubuntu:20.04:LTSceph14.2.2-0ubuntu3, 14.2.2-0ubuntu4, 14.2.4-0ubuntu1

Timeline

  • Apr 12, 2021 CVE Published
  • May 27, 2021 EPSS Score
  • Jul 29, 2021 EPSS Score
  • Sep 28, 2021 EPSS Score
  • Nov 29, 2021 EPSS Score
  • Jan 29, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 31, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 31, 2022 EPSS Score
  • Aug 2, 2022 EPSS Score
  • Oct 2, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›