Id:
CVE-2020-27839
Comment
:
A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
CVSSv2 Score:
3.5
Access vector:
|
NETWORK
|
Access complexity:
|
MEDIUM
|
Authentication:
|
SINGLE
|
Confidentiality impact:
|
NONE
|
Integrity impact:
|
PARTIAL
|
Availability impact:
|
NONE
|
CVSSv2 Vector:
AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSSv3 Score:
5.4
Attack vector:
|
NETWORK
|
Attack complexity:
|
LOW
|
Privileges required:
|
LOW
|
User interaction:
|
REQUIRED
|
Scope:
|
CHANGED
|
Confidentiality impact:
|
LOW
|
Integrity impact:
|
LOW
|
Availability impact:
|
NONE
|
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
References: