CVE-2020-27839

Severity: Medium
Remote: Yes
Type: Cross-site scripting
Description
A security issue was found in Ceph in versions prior to 15.2.9. The JWT token used by the Ceph dashboard for authorising against the API was stored in the browser's local storage, making it vulnerable to cross-site scripting attacks. Ceph version 15.2.9 mitigates this issue by using secure cookies for storage instead.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1421 | ceph | 15.2.8-2 | 15.2.10-1 | Medium | Fixed | FS#70062 |
References
https://tracker.ceph.com/issues/44591
https://github.com/ceph/ceph/pull/38259
https://github.com/ceph/ceph/pull/39120
https://github.com/ceph/ceph/commit/67edff73234732e69b145d5270d744c3fb8168ab