Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-3509

Опубликовано: 27 мая 2021
Источник: ubuntu
Приоритет: medium
CVSS2: 4.3
CVSS3: 6.1

Описание

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.

РелизСтатусПримечание
bionic

not-affected

12.2.13-0ubuntu0.18.04.8
devel

released

16.2.4-0ubuntu1
esm-infra-legacy/trusty

not-affected

esm-infra/bionic

not-affected

12.2.13-0ubuntu0.18.04.8
esm-infra/focal

released

15.2.12-0ubuntu0.20.04.1
esm-infra/xenial

not-affected

focal

released

15.2.12-0ubuntu0.20.04.1
groovy

released

15.2.12-0ubuntu0.20.10.1
hirsute

released

16.2.6-0ubuntu0.21.04.2
impish

released

16.2.4-0ubuntu1

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

6.1 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-3509

CVSS3: 8.1
redhat
больше 4 лет назад

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.

nvd логотип

CVE-2021-3509

CVSS3: 6.1
nvd
больше 4 лет назад

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.

debian логотип

CVE-2021-3509

CVSS3: 6.1
debian
больше 4 лет назад

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component ...

github логотип

GHSA-g9cr-7jh8-qrmx

CVSS3: 6.1
github
больше 3 лет назад

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.

fstec логотип

BDU:2022-00286

CVSS3: 6.1
fstec
почти 5 лет назад

Уязвимость компонента Dashboard системы хранения данных Ceph, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю оказать воздействие на целостность данных

4.3 Medium

CVSS2

6.1 Medium

CVSS3