{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T04:50:00.516","vulnerabilities":[{"cve":{"id":"CVE-2020-27839","sourceIdentifier":"secalert@redhat.com","published":"2021-05-26T22:15:07.863","lastModified":"2024-11-21T05:21:54.607","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity."},{"lang":"es","value":"Se encontró un fallo en ceph-dashboard. El programa JSON Web Token (JWT) usado para la autenticación del usuario es almacenada en la aplicación frontend en el almacenamiento local del navegador, que es potencialmente vulnerable a atacantes por medio de ataques de tipo XSS. La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:ceph:*:*:*:*:*:*:*:*","versionEndExcluding":"14.2.17","matchCriteriaId":"932EE726-C7E2-4185-A6C2-A678FB166399"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:ceph:*:*:*:*:*:*:*:*","versionStartIncluding":"15.2.0","versionEndExcluding":"15.2.9","matchCriteriaId":"509E08EA-73F2-4311-8526-DE79215F2F2D"}]}]}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1901330","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1901330","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]}]}}]}