Unrated severityNVD Advisory· Published May 26, 2021· Updated Aug 3, 2024
CVE-2021-3509
CVE-2021-3509
Description
A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
19- Red Hat/Ceph Storagedescription
- Range: 4
- osv-coords17 versionspkg:rpm/opensuse/ceph&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/ceph&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/ceph-test&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/ceph-test&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Micro%205.0pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/ceph&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/ceph&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/ceph&distro=SUSE%20Manager%20Server%204.0
< 15.2.12.83+g528da226523-lp152.2.18.1+ 16 more
- (no CPE)range: < 15.2.12.83+g528da226523-lp152.2.18.1
- (no CPE)range: < 15.2.12.83+g528da226523-3.25.1
- (no CPE)range: < 15.2.12.83+g528da226523-lp152.2.18.1
- (no CPE)range: < 15.2.12.83+g528da226523-3.25.1
- (no CPE)range: < 14.2.21.403+g69ab6ea274d-3.63.1
- (no CPE)range: < 15.2.12.83+g528da226523-3.25.1
- (no CPE)range: < 14.2.21.403+g69ab6ea274d-3.63.1
- (no CPE)range: < 14.2.21.403+g69ab6ea274d-3.63.1
- (no CPE)range: < 15.2.12.83+g528da226523-3.25.1
- (no CPE)range: < 15.2.12.83+g528da226523-3.25.1
- (no CPE)range: < 15.2.12.83+g528da226523-3.25.1
- (no CPE)range: < 14.2.21.403+g69ab6ea274d-3.63.1
- (no CPE)range: < 14.2.21.403+g69ab6ea274d-3.63.1
- (no CPE)range: < 14.2.21.403+g69ab6ea274d-3.63.1
- (no CPE)range: < 14.2.21.403+g69ab6ea274d-3.63.1
- (no CPE)range: < 14.2.21.403+g69ab6ea274d-3.63.1
- (no CPE)range: < 14.2.21.403+g69ab6ea274d-3.63.1
Patches
Vulnerability mechanics
References
5- bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
- github.com/ceph/ceph/blob/f1557e8f62d31883d3d34ae241a1a26af11d923f/src/pybind/mgr/dashboard/controllers/docs.pymitrex_refsource_MISC
- github.com/ceph/ceph/commit/7a1ca8d372da3b6a4fc3d221a0e5f72d1d61c27bmitrex_refsource_MISC
- github.com/ceph/ceph/commit/adda853e64bdba1288d46bc7d462d23d8f2f10camitrex_refsource_MISC
- github.com/ceph/ceph/commit/af3fffab3b0f13057134d96e5d481e400d8bfd27mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.