ALT Linux Team

Package ceph update in p9 on 2021-03-19

ALT-PU-2021-1522-1

Package ceph updated to version 14.2.18-alt1 for branch p9 in task 267790.

Closed vulnerabilities

Published: 2021-05-27
Modified: 2024-11-21

CVE-2020-27839

A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top