rpm package
suse/ceph&distro=SUSE Linux Enterprise Micro 5.0
pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Micro%205.0
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3509 | — | < 15.2.12.83+g528da226523-3.25.1 | 15.2.12.83+g528da226523-3.25.1 | May 26, 2021 | A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it ava | ||
| CVE-2021-3531 | — | < 15.2.12.83+g528da226523-3.25.1 | 15.2.12.83+g528da226523-3.25.1 | May 18, 2021 | A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability. | ||
| CVE-2021-3524 | — | < 15.2.12.83+g528da226523-3.25.1 | 15.2.12.83+g528da226523-3.25.1 | May 17, 2021 | A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates |
- CVE-2021-3509May 26, 2021affected < 15.2.12.83+g528da226523-3.25.1fixed 15.2.12.83+g528da226523-3.25.1
A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it ava
- CVE-2021-3531May 18, 2021affected < 15.2.12.83+g528da226523-3.25.1fixed 15.2.12.83+g528da226523-3.25.1
A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.
- CVE-2021-3524May 17, 2021affected < 15.2.12.83+g528da226523-3.25.1fixed 15.2.12.83+g528da226523-3.25.1
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates