Wind River Support Network

HomeDefectsLIN1021-264
Fixed

LIN1021-264 : Security Advisory - ceph - CVE-2020-27839

Created: May 24, 2021    Updated: Aug 25, 2021
Resolved Date: Jul 13, 2021
Found In Version: 10.21.20.1
Fix Version: 10.21.20.2
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity

CREATE(Triage):(User=admin) [CVE-2020-27839|https://nvd.nist.gov/vuln/detail/CVE-2020-27839]

CVEs


Live chat
Online