Lucene search
RedhatCVELIST:CVE-2021-3509HistoryMay 26, 2021 - 11:56 p.m.
CVE-2021-3509
2021-05-2623:56:39
CWE-79
redhat
www.cve.org
2
A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.
CNA Affected
[
{
"product": "ceph-dashboard",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "as shipped in Red Hat Ceph Storage 4"
}
]
}
]References
bugzilla.redhat.com/show_bug.cgi?id=1950116
github.com/ceph/ceph/blob/f1557e8f62d31883d3d34ae241a1a26af11d923f/src/pybind/mgr/dashboard/controllers/docs.py#L394-L409
github.com/ceph/ceph/commit/7a1ca8d372da3b6a4fc3d221a0e5f72d1d61c27b
github.com/ceph/ceph/commit/adda853e64bdba1288d46bc7d462d23d8f2f10ca
github.com/ceph/ceph/commit/af3fffab3b0f13057134d96e5d481e400d8bfd27
Related
osv
osv
CVE-2021-3509
2021-05-27 00:15:08
CVE-2020-27839
2021-05-26 22:15:07
ceph vulnerabilities
2021-06-25 02:38:50
alpinelinux
alpinelinux
CVE-2021-3509
2021-05-27 00:15:08
ubuntucve
ubuntucve
CVE-2021-3509
2021-05-27 00:00:00
CVE-2020-27839
2021-05-26 00:00:00
prion
prion
Code injection
2021-05-27 00:15:00
Design/Logic Flaw
2021-05-26 22:15:00
nvd
nvd
CVE-2021-3509
2021-05-27 00:15:08
CVE-2020-27839
2021-05-26 22:15:07
cve
cve
CVE-2021-3509
2021-05-27 00:15:08
CVE-2020-27839
2021-05-26 22:15:07
redhatcve
redhatcve
CVE-2021-3509
2021-05-19 00:25:15
CVE-2020-27839
2020-12-14 11:30:26
debiancve
debiancve
CVE-2021-3509
2021-05-27 00:15:08
CVE-2020-27839
2021-05-26 22:15:07
redhat
redhat
nessus
nessus
RHEL 7 / 8 : Red Hat Ceph Storage 4.2 Security and Bug Fix Update (Important) (RHSA-2021:2445)
2021-06-16 00:00:00
openSUSE 15 Security Update : ceph (openSUSE-SU-2021:1834-1)
2021-07-16 00:00:00
SUSE SLED15 / SLES15 Security Update : ceph (SUSE-SU-2021:1108-1)
2021-04-09 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2021-03-11 22:57:05
Cross-Site Scripting (XSS)
2021-05-23 06:09:08
cvelist
cvelist
CVE-2020-27839
2021-05-26 21:25:44
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0126)
2022-01-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:1108-1)
2021-06-09 00:00:00
Fedora: Security Advisory for ceph (FEDORA-2021-93ff9e9103)
2021-03-06 00:00:00
archlinux
archlinux
[ASA-202105-3] ceph: multiple issues
2021-05-19 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: ceph-15.2.9-1.fc33
2021-03-05 19:17:30
suse
suse
Security update for ceph (moderate)
2021-04-12 00:00:00
Security update for ceph (important)
2021-06-04 00:00:00
Security update for ceph (important)
2021-07-11 00:00:00
mageia
mageia
Updated ceph packages fix security vulnerabilities
2021-03-12 04:25:47
Updated ceph packages fix a security vulnerability
2021-05-27 16:43:31
ubuntu
ubuntu
Ceph vulnerabilities
2021-06-25 00:00:00
Ceph vulnerabilities
2021-11-01 00:00:00