VDB
CVE-2020-27839
CVE-2020-27839
PUBLISHED
A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
EPSS 0.24% · 47.2th percentile
Risk Scores
EPSS Score
0.24%
47.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | ceph | 14.2.2-0ubuntu3, 14.2.2-0ubuntu4, 14.2.4-0ubuntu1 |
Exploit Intelligence
Timeline
- Apr 12, 2021 CVE Published
- May 27, 2021 EPSS Score
- Jul 29, 2021 EPSS Score
- Sep 28, 2021 EPSS Score
- Nov 29, 2021 EPSS Score
- Jan 29, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 31, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 31, 2022 EPSS Score
- Aug 2, 2022 EPSS Score
- Oct 2, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-27839 third-party-advisory
- https://github.com/ceph/ceph/pull/38259 third-party-advisory
- https://ubuntu.com/security/notices/USN-4998-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-27839 third-party-advisory