Vulnerability in Redhat Ceph

CVE-2020-27839

A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat…

EPSS: 0.024 (percentile: 82.2).

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N.

Affected products

  • Redhat Ceph
  • N/a Ceph-dashboard — versions ceph-dashboard 14.2.17, ceph-dashboard 15.2.9

Frequently asked questions

What is CVE-2020-27839?
CVE-2020-27839 is a medium-severity vulnerability in Redhat Ceph, classified under Insufficiently Protected Credentials. CVSS score: 5.4/10. Published 2021-05-26.

How severe is CVE-2020-27839?
Medium severity. The CVSS v3 base score is 5.4 out of 10.

Is CVE-2020-27839 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.