CVE-2020-27839 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-27839 PUBLISHED

A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

EPSS 0.33% · 56.1th percentile

Risk Scores

EPSS Score

0.33%

56.1th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:20.04:LTS	ceph	14.2.2-0ubuntu3, 14.2.2-0ubuntu4, 14.2.4-0ubuntu1

Timeline

Apr 12, 2021 CVE Published
May 27, 2021 EPSS Score
Jul 29, 2021 EPSS Score
Sep 27, 2021 EPSS Score
Nov 27, 2021 EPSS Score
Jan 27, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 28, 2022 EPSS Score
Jul 29, 2022 EPSS Score
Sep 27, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2020-27839 third-party-advisory
https://github.com/ceph/ceph/pull/38259 third-party-advisory
https://ubuntu.com/security/notices/USN-4998-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2020-27839 third-party-advisory

Open in Interactive Console →