Navigation

  • index
  • routing table |
  • modules |
  • next |
  • previous |
  • Ceph Documentation »
  • Security »
  • Past vulnerabilities »
  • CVE-2021-3509: Dashboard XSS via token cookie
Report a Documentation Bug

CVE-2021-3509: Dashboard XSS via token cookie¶

  • NIST information page

The Ceph Dashboard was vulnerable to an XSS attack that could expose the authentication cookie to other sites.

Affected versions¶

  • Octopus v15.2.0 and later

Fixed versions¶

  • Pacific v16.2.4 (and later)

  • Octopus v15.2.12 (and later)

  • Nautilus v14.2.21 (and later)

Recommendations¶

All users of the Ceph dashboard should upgrade.

Logo

Table Of Contents

  • Intro to Ceph
  • Installing Ceph
  • Cephadm
  • Ceph Storage Cluster
  • Ceph File System
  • Ceph Block Device
  • Ceph Object Gateway
  • Ceph Manager Daemon
  • Ceph Dashboard
  • API Documentation
  • Architecture
  • Developer Guide
  • Ceph Internals
  • Governance
  • Ceph Foundation
  • ceph-volume
  • Ceph Releases (general)
  • Ceph Releases (index)
  • Security
    • Past Vulnerabilities / CVEs
      • CVE-2022-0670
      • CVE-2021-3531
      • CVE-2021-3524
      • CVE-2021-3509
        • Affected versions
        • Fixed versions
        • Recommendations
      • CVE-2021-20288
    • Vulnerability Management Process
    • Reporting a vulnerability
    • Supported versions
  • Glossary
  • Index

Quick search

Navigation

  • index
  • routing table |
  • modules |
  • next |
  • previous |
  • Ceph Documentation »
  • Security »
  • Past vulnerabilities »
  • CVE-2021-3509: Dashboard XSS via token cookie
© Copyright 2016, Ceph authors and contributors. Licensed under Creative Commons Attribution Share Alike 3.0 (CC-BY-SA-3.0).