Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-3509

Опубликовано: 27 мая 2021
Источник: nvd
CVSS3: 6.1
CVSS2: 4.3
EPSS Низкий

Описание

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 69%
0.00597
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2021-3509

CVSS3: 6.1
ubuntu
больше 4 лет назад

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.

redhat логотип

CVE-2021-3509

CVSS3: 8.1
redhat
больше 4 лет назад

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.

debian логотип

CVE-2021-3509

CVSS3: 6.1
debian
больше 4 лет назад

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component ...

github логотип

GHSA-g9cr-7jh8-qrmx

CVSS3: 6.1
github
больше 3 лет назад

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.

fstec логотип

BDU:2022-00286

CVSS3: 6.1
fstec
почти 5 лет назад

Уязвимость компонента Dashboard системы хранения данных Ceph, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю оказать воздействие на целостность данных

EPSS

Процентиль: 69%
0.00597
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79