ceph/doc/security/CVE-2021-3509.rst

.. _CVE-2021-3509:

CVE-2021-3509: Dashboard XSS via token cookie
=============================================

* `NIST information page <https://nvd.nist.gov/vuln/detail/CVE-2021-3509>`_

The Ceph Dashboard was vulnerable to an XSS attack that could expose the authentication
cookie to other sites.


Affected versions
-----------------

* Octopus v15.2.0 and later

Fixed versions
--------------

* Pacific v16.2.4 (and later)
* Octopus v15.2.12 (and later)
* Nautilus v14.2.21 (and later)


Recommendations
---------------

All users of the Ceph dashboard should upgrade.
doc/security: summarize CVEs Signed-off-by: Sage Weil <sage@newdream.net> 2021-05-13 20:20:48 +00:00			`.. _CVE-2021-3509:`

			`CVE-2021-3509: Dashboard XSS via token cookie`
			`=============================================`

			* `NIST information page <https://nvd.nist.gov/vuln/detail/CVE-2021-3509>`_

			`The Ceph Dashboard was vulnerable to an XSS attack that could expose the authentication`
			`cookie to other sites.`


			`Affected versions`
			`-----------------`

			`* Octopus v15.2.0 and later`

			`Fixed versions`
			`--------------`

			`* Pacific v16.2.4 (and later)`
			`* Octopus v15.2.12 (and later)`
			`* Nautilus v14.2.21 (and later)`


			`Recommendations`
			`---------------`

			`All users of the Ceph dashboard should upgrade.`