CVE-2020-27839 - log back

CVE-2020-27839 edited at 25 Mar 2021 19:34:34
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Cross-site scripting
Description
+ A security issue was found in ceph in versions prior to 15.2.9. The JWT token used by the ceph dashboard for authorising against the API was stored inside the local storage of the browser, making it vulnerable to cross-site scripting attacks. Ceph version 15.2.9 mitigates this issue by using secure cookies for storage instead.
References
+ https://tracker.ceph.com/issues/44591
+ https://github.com/ceph/ceph/pull/38259
+ https://github.com/ceph/ceph/pull/39120
+ https://github.com/ceph/ceph/commit/67edff73234732e69b145d5270d744c3fb8168ab
CVE-2020-27839 created at 25 Mar 2021 19:25:48
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes