mirror of
https://github.com/ceph/ceph
synced 2024-12-22 03:22:00 +00:00
6edb1e9cf9
Signed-off-by: Sage Weil <sage@newdream.net>
29 lines
576 B
ReStructuredText
29 lines
576 B
ReStructuredText
.. _CVE-2021-3509:
|
|
|
|
CVE-2021-3509: Dashboard XSS via token cookie
|
|
=============================================
|
|
|
|
* `NIST information page <https://nvd.nist.gov/vuln/detail/CVE-2021-3509>`_
|
|
|
|
The Ceph Dashboard was vulnerable to an XSS attack that could expose the authentication
|
|
cookie to other sites.
|
|
|
|
|
|
Affected versions
|
|
-----------------
|
|
|
|
* Octopus v15.2.0 and later
|
|
|
|
Fixed versions
|
|
--------------
|
|
|
|
* Pacific v16.2.4 (and later)
|
|
* Octopus v15.2.12 (and later)
|
|
* Nautilus v14.2.21 (and later)
|
|
|
|
|
|
Recommendations
|
|
---------------
|
|
|
|
All users of the Ceph dashboard should upgrade.
|