ceph/doc/security/CVE-2021-3509.rst
Sage Weil 6edb1e9cf9 doc/security: summarize CVEs
Signed-off-by: Sage Weil <sage@newdream.net>
2021-05-13 17:20:55 -05:00

29 lines
576 B
ReStructuredText

.. _CVE-2021-3509:
CVE-2021-3509: Dashboard XSS via token cookie
=============================================
* `NIST information page <https://nvd.nist.gov/vuln/detail/CVE-2021-3509>`_
The Ceph Dashboard was vulnerable to an XSS attack that could expose the authentication
cookie to other sites.
Affected versions
-----------------
* Octopus v15.2.0 and later
Fixed versions
--------------
* Pacific v16.2.4 (and later)
* Octopus v15.2.12 (and later)
* Nautilus v14.2.21 (and later)
Recommendations
---------------
All users of the Ceph dashboard should upgrade.