diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-21 11:54:28 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-21 11:54:28 +0000 |
commit | e6918187568dbd01842d8d1d2c808ce16a894239 (patch) | |
tree | 64f88b554b444a49f656b6c656111a145cbbaa28 /doc/security/CVE-2021-3509.rst | |
parent | Initial commit. (diff) | |
download | ceph-e6918187568dbd01842d8d1d2c808ce16a894239.tar.xz ceph-e6918187568dbd01842d8d1d2c808ce16a894239.zip |
Adding upstream version 18.2.2.upstream/18.2.2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/security/CVE-2021-3509.rst')
-rw-r--r-- | doc/security/CVE-2021-3509.rst | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/doc/security/CVE-2021-3509.rst b/doc/security/CVE-2021-3509.rst new file mode 100644 index 000000000..7e865e9b2 --- /dev/null +++ b/doc/security/CVE-2021-3509.rst @@ -0,0 +1,28 @@ +.. _CVE-2021-3509: + +CVE-2021-3509: Dashboard XSS via token cookie +============================================= + +* `NIST information page <https://nvd.nist.gov/vuln/detail/CVE-2021-3509>`_ + +The Ceph Dashboard was vulnerable to an XSS attack that could expose the authentication +cookie to other sites. + + +Affected versions +----------------- + +* Octopus v15.2.0 and later + +Fixed versions +-------------- + +* Pacific v16.2.4 (and later) +* Octopus v15.2.12 (and later) +* Nautilus v14.2.21 (and later) + + +Recommendations +--------------- + +All users of the Ceph dashboard should upgrade. |