CVE-2021-3509: XSS
First published: Thu Apr 15 2021(Updated: )
A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/nautilus | <14.2.20 | 14.2.20 |
| redhat/octopus | <15.2.11 | 15.2.11 |
| redhat/pacific | <16.2.3 | 16.2.3 |
| Red Hat Ceph Storage | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1950116
- https://github.com/ceph/ceph/blob/f1557e8f62d31883d3d34ae241a1a26af11d923f/src/pybind/mgr/dashboard/controllers/docs.py#L394-L409
- https://github.com/ceph/ceph/commit/7a1ca8d372da3b6a4fc3d221a0e5f72d1d61c27b
- https://github.com/ceph/ceph/commit/adda853e64bdba1288d46bc7d462d23d8f2f10ca
- https://github.com/ceph/ceph/commit/af3fffab3b0f13057134d96e5d481e400d8bfd27
- https://access.redhat.com/security/cve/CVE-2020-27839
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1960759
- https://access.redhat.com/errata/RHSA-2021:2445
- https://access.redhat.com/security/cve/cve-2021-3509
Frequently Asked Questions
What is the severity of CVE-2021-3509?
CVE-2021-3509 has been assigned a high severity rating due to its potential exploitation in XSS attacks.
How do I fix CVE-2021-3509?
To mitigate CVE-2021-3509, upgrade to Red Hat Ceph Storage versions 14.2.20, 15.2.11, or 16.2.3.
Which versions of Red Hat Ceph Storage are affected by CVE-2021-3509?
CVE-2021-3509 affects Red Hat Ceph Storage versions prior to 14.2.20, 15.2.11, and 16.2.3.
What components are impacted by CVE-2021-3509?
CVE-2021-3509 impacts the Dashboard component of Red Hat Ceph Storage.
Is there an official patch for CVE-2021-3509?
Yes, official patches are available in the form of upgrades to specific version releases for Red Hat Ceph Storage.
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-3509
- agent/software-canonical-lookup
- agent/author
- agent/severity
- agent/references
- agent/description
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/redhat
- canonical/red hat ceph storage
- version/red hat ceph storage/4.0