CVE-2020-27839

CVE-2020-27839

Vendor N/A
Product ceph-dashboard
Weakness CWE-522 · Insufficiently protected credentials
Published May 26, 2021
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

Key dates

02Disclosure timeline

May 26, 2021 CVE published
August 4, 2024 Record updated