
CVE-2021-3509: Dashboard XSS via token cookie

  • NIST information page

The Ceph Dashboard was vulnerable to an XSS attack that could expose the authentication cookie to other sites.

Affected versions

  • Octopus v15.2.0 and later

Fixed versions

  • Pacific v16.2.4 (and later)

  • Octopus v15.2.12 (and later)

  • Nautilus v14.2.21 (and later)

Recommendations

All users of the Ceph Dashboard should upgrade to one of the fixed versions listed above.


© Copyright 2016, Ceph authors and contributors. Licensed under Creative Commons Attribution Share Alike 3.0 (CC-BY-SA-3.0).