CVE-2020-27839 - OpenCVE

A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Ceph Ceph Storage

Configuration 1 [-]

OR	cpe:2.3:a:redhat:ceph::::::::
	cpe:2.3:a:redhat:ceph::::::::

Package	CPE	Advisory	Released Date
Red Hat Ceph Storage 4.2
ceph-2:14.2.11-181.el8cp	cpe:/a:redhat:ceph_storage:4::el7	RHSA-2021:2445	2021-06-15T00:00:00Z

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=1901330
https://nvd.nist.gov/vuln/detail/CVE-2020-27839
https://www.cve.org/CVERecord?id=CVE-2020-27839

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2021-05-26T21:25:44

Updated: 2024-08-04T16:25:43.403Z

Reserved: 2020-10-27T00:00:00

Link: CVE-2020-27839

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-05-26T22:15:07.863

Modified: 2021-06-03T18:37:46.990

Link: CVE-2020-27839

Redhat

Severity : Moderate

Publid Date: 2020-03-13T00:00:00Z

Links: CVE-2020-27839 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "ceph-dashboard", "vendor": "n/a", "versions": [{"status": "affected", "version": "ceph-dashboard 14.2.17, ceph-dashboard 15.2.9"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser\u2019s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-522", "description": "CWE-522", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-05-26T21:25:44", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901330"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-27839", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ceph-dashboard", "version": {"version_data": [{"version_value": "ceph-dashboard 14.2.17, ceph-dashboard 15.2.9"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser\u2019s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-522"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1901330", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901330"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:25:43.403Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901330"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-27839", "datePublished": "2021-05-26T21:25:44", "dateReserved": "2020-10-27T00:00:00", "dateUpdated": "2024-08-04T16:25:43.403Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ceph:*:*:*:*:*:*:*:*", "matchCriteriaId": "932EE726-C7E2-4185-A6C2-A678FB166399", "versionEndExcluding": "14.2.17", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ceph:*:*:*:*:*:*:*:*", "matchCriteriaId": "509E08EA-73F2-4311-8526-DE79215F2F2D", "versionEndExcluding": "15.2.9", "versionStartIncluding": "15.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser\u2019s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en ceph-dashboard. El programa JSON Web Token (JWT) usado para la autenticaci\u00f3n del usuario es almacenada en la aplicaci\u00f3n frontend en el almacenamiento local del navegador, que es potencialmente vulnerable a atacantes por medio de ataques de tipo XSS. La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos"}], "id": "CVE-2020-27839", "lastModified": "2021-06-03T18:37:46.990", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-26T22:15:07.863", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901330"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:2445", "cpe": "cpe:/a:redhat:ceph_storage:4::el7", "package": "ceph-2:14.2.11-181.el8cp", "product_name": "Red Hat Ceph Storage 4.2", "release_date": "2021-06-15T00:00:00Z"}], "bugzilla": {"description": "ceph-dashboard: Don't use Browser's LocalStorage for storing JWT but Secure Cookies with proper HTTP Headers", "id": "1901330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901330"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "status": "verified"}, "cwe": "CWE-522", "details": ["A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser\u2019s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser\u2019s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity."], "mitigation": {"lang": "en:us", "value": "Do not store sensitive data in HTML5 localStorage, not even temporarily. Use cookies with appropriate security flags (secure, HttpOnly, SameSite)."}, "name": "CVE-2020-27839", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:2", "fix_state": "Out of support scope", "package_name": "ceph", "product_name": "Red Hat Ceph Storage 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Not affected", "package_name": "ceph", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "ceph", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "ceph", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Will not fix", "package_name": "ceph", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Will not fix", "package_name": "ceph", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}], "public_date": "2020-03-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-27839\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-27839"], "statement": "* Red Hat Ceph Storage 3 is not affected as it does not use authentication for the dashboard.\n* Red Hat OpenStack Platform deployments use the ceph package directly from the Ceph channel; the RHOSP package will not be updated at this time.\n* Red Hat OpenShift Container Storage (RHOCS) 4 shipped ceph package for the usage of RHOCS 4.2 only which has reached End of Life. The shipped version of ceph package is neither used nor supported with the release of RHOCS 4.3.\n* Red Hat Enterprise Linux 8 does not include the ceph dashboard component.", "threat_severity": "Moderate", "upstream_fix": "ceph-dashboard 14.2.17, ceph-dashboard 15.2.9"}