CVE-2021-3509

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*

History

04 Jun 2021, 17:23

Type Values Removed Values Added
CPE cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*
References (MISC) https://github.com/ceph/ceph/commit/af3fffab3b0f13057134d96e5d481e400d8bfd27 - (MISC) https://github.com/ceph/ceph/commit/af3fffab3b0f13057134d96e5d481e400d8bfd27 - Patch, Third Party Advisory
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1950116 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1950116 - Issue Tracking, Patch, Vendor Advisory
References (MISC) https://github.com/ceph/ceph/commit/adda853e64bdba1288d46bc7d462d23d8f2f10ca - (MISC) https://github.com/ceph/ceph/commit/adda853e64bdba1288d46bc7d462d23d8f2f10ca - Patch, Third Party Advisory
References (MISC) https://github.com/ceph/ceph/commit/7a1ca8d372da3b6a4fc3d221a0e5f72d1d61c27b - (MISC) https://github.com/ceph/ceph/commit/7a1ca8d372da3b6a4fc3d221a0e5f72d1d61c27b - Patch, Third Party Advisory
References (MISC) https://github.com/ceph/ceph/blob/f1557e8f62d31883d3d34ae241a1a26af11d923f/src/pybind/mgr/dashboard/controllers/docs.py#L394-L409 - (MISC) https://github.com/ceph/ceph/blob/f1557e8f62d31883d3d34ae241a1a26af11d923f/src/pybind/mgr/dashboard/controllers/docs.py#L394-L409 - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 6.1

27 May 2021, 02:11

Type Values Removed Values Added
CWE CWE-79

27 May 2021, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-05-27 00:15

Updated : 2024-02-04 21:47


NVD link : CVE-2021-3509

Mitre link : CVE-2021-3509

CVE.ORG link : CVE-2021-3509


JSON object : View

Products Affected

redhat

  • ceph_storage
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')