CVE-2021-3509

Name
CVE-2021-3509
Description
A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/ceph/ceph/commit/7a1ca8d372da3b6a4fc3d221a0e5f72d1d61c27b
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1950116
MISC https://github.com/ceph/ceph/commit/adda853e64bdba1288d46bc7d462d23d8f2f10ca
MISC https://github.com/ceph/ceph/commit/af3fffab3b0f13057134d96e5d481e400d8bfd27
MISC https://github.com/ceph/ceph/blob/f1557e8f62d31883d3d34ae241a1a26af11d923f/src/pybind/mgr/dashboard/controllers/docs.py#L394-L409

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:* ceph_storage == None == 4.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
ceph16 edge-community 16.2.4-r0 None fixed
ceph16 3.18-community 16.2.4-r0 None fixed
ceph16 3.17-community 16.2.4-r0 None fixed
ceph edge-community 16.2.4-r0 Duncan Bellamy <dunk@denkimushi.com> fixed