CVE-2021-3509

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-3509
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3509.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-3509
Downstream
Related
Published
2021-05-27T00:15:08.577Z
Modified
2026-04-02T07:33:48.103246Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.

References

Affected packages

Git / github.com/ceph/ceph

Affected ranges

Type
GIT
Repo
https://github.com/ceph/ceph
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
7a1ca8d372da3b6a4fc3d221a0e5f72d1d61c27b
Type
GIT
Repo
https://github.com/ceph/ceph
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
adda853e64bdba1288d46bc7d462d23d8f2f10ca
Type
GIT
Repo
https://github.com/ceph/ceph
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
af3fffab3b0f13057134d96e5d481e400d8bfd27
Type
GIT
Repo
https://github.com/ceph/ceph
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
7a1ca8d372da3b6a4fc3d221a0e5f72d1d61c27b
Type
GIT
Repo
https://github.com/ceph/ceph
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
adda853e64bdba1288d46bc7d462d23d8f2f10ca
Type
GIT
Repo
https://github.com/ceph/ceph
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
af3fffab3b0f13057134d96e5d481e400d8bfd27

Affected versions

Other
BRI-nautilus
SES1-GM
SES1-maint01
agogpemikxte-build-me
rrygrvmctuzz-build-me
ses2-gm
ses3-milestone4
ses3-milestone5
ses3-milestone6
ses5-deepsea-pr-test
ses5-gm
ses5-milestone10
ses5-milestone11
ses5-milestone12
ses5-milestone5
ses5-milestone6
ses5-milestone7
ses5-milestone8
ses5-milestone9
suse_hammer
suse_latest
mark-v0.*
mark-v0.70-wip
v0.*
v0.1
v0.10
v0.11
v0.12
v0.13
v0.14
v0.15
v0.16
v0.16.1
v0.17
v0.18
v0.19
v0.19.1
v0.2
v0.20
v0.20.1
v0.20.2
v0.21
v0.21.1
v0.21.2
v0.21.3
v0.22
v0.22.1
v0.22.2
v0.23
v0.23.1
v0.23.2
v0.24
v0.24.1
v0.24.2
v0.24.3
v0.25
v0.25.1
v0.25.2
v0.26
v0.27
v0.27.1
v0.28
v0.28.1
v0.28.2
v0.29
v0.29.1
v0.3
v0.30
v0.31
v0.32
v0.33
v0.34
v0.35
v0.36
v0.37
v0.38
v0.39
v0.4
v0.40
v0.41
v0.42
v0.42.1
v0.42.2
v0.43
v0.44
v0.44.1
v0.44.2
v0.45
v0.46
v0.47
v0.47.1
v0.47.2
v0.47.3
v0.48.1argonaut
v0.48.2argonaut
v0.48.3argonaut
v0.48argonaut
v0.49
v0.5
v0.50
v0.51
v0.52
v0.53
v0.54
v0.55
v0.55.1
v0.56
v0.56.1
v0.56.2
v0.56.3
v0.56.4
v0.56.5
v0.56.6
v0.56.7
v0.57
v0.58
v0.59
v0.6
v0.60
v0.61
v0.61.1
v0.61.2
v0.61.3
v0.61.4
v0.61.5
v0.61.6
v0.61.7
v0.61.8
v0.61.9
v0.62
v0.63
v0.64
v0.65
v0.66
v0.67
v0.67-rc1
v0.67-rc2
v0.67-rc3
v0.67.1
v0.67.10
v0.67.11
v0.67.2
v0.67.3
v0.67.4
v0.67.5
v0.67.6
v0.67.7
v0.67.8
v0.67.9
v0.68
v0.69
v0.7
v0.7.1
v0.7.2
v0.7.3
v0.70
v0.71
v0.72
v0.72-rc1
v0.72.1
v0.72.2
v0.73
v0.74
v0.75
v0.76
v0.77
v0.78
v0.79
v0.8
v0.80
v0.80-rc1
v0.80.1
v0.80.10
v0.80.11
v0.80.2
v0.80.3
v0.80.4
v0.80.5
v0.80.6
v0.80.7
v0.80.8
v0.80.8.1
v0.80.8.2
v0.80.8.4
v0.80.8.5
v0.80.9
v0.81
v0.82
v0.83
v0.84
v0.85
v0.86
v0.87
v0.87.1
v0.87.2
v0.88
v0.89
v0.9
v0.90
v0.91
v0.92
v0.93
v0.94
v0.94.1
v0.94.1.1
v0.94.1.2
v0.94.1.3
v0.94.1.4
v0.94.1.5
v0.94.1.6
v0.94.1.7
v0.94.10
v0.94.2
v0.94.3
v0.94.3.1
v0.94.3.2
v0.94.3.3
v0.94.4
v0.94.5
v0.94.6
v0.94.7
v0.94.8
v0.94.9
v10.*
v10.0.0
v10.0.1
v10.0.2
v10.0.3
v10.0.4
v10.0.5
v10.1.0
v10.1.1
v10.1.2
v10.2.0
v10.2.01
v10.2.1
v10.2.10
v10.2.11
v10.2.2
v10.2.3
v10.2.4
v10.2.5
v10.2.6
v10.2.7
v10.2.8
v10.2.9
v11.*
v11.0.0
v11.0.1
v11.0.2
v11.1.0
v11.1.1
v11.2.0
v11.2.1
v12.*
v12.0.0
v12.0.1
v12.0.2
v12.0.3
v12.1.0
v12.1.1
v12.1.2
v12.1.3
v12.1.4
v12.2.0
v12.2.1
v12.2.10
v12.2.11
v12.2.12
v12.2.13
v12.2.14
v12.2.2
v12.2.3
v12.2.4
v12.2.5
v12.2.6
v12.2.7
v12.2.8
v12.2.9
v13.*
v13.0.0
v13.0.1
v13.0.2
v13.1.0
v13.1.1
v13.2.0
v13.2.1
v13.2.10
v13.2.2
v13.2.3
v13.2.4
v13.2.5
v13.2.6
v13.2.7
v13.2.8
v13.2.9
v14.*
v14.0.0
v14.0.1
v14.1.0
v14.1.1
v14.2.0
v14.2.1
v14.2.10
v14.2.11
v14.2.12
v14.2.13
v14.2.14
v14.2.15
v14.2.16
v14.2.17
v14.2.18
v14.2.19
v14.2.2
v14.2.20
v14.2.21
v14.2.22
v14.2.3
v14.2.4
v14.2.5
v14.2.6
v14.2.7
v14.2.8
v14.2.9
v15.*
v15.0.0
v15.1.0
v15.1.1
v15.2.0
v15.2.1
v15.2.10
v15.2.11
v15.2.12
v15.2.13
v15.2.14
v15.2.15
v15.2.16
v15.2.17
v15.2.2
v15.2.3
v15.2.4
v15.2.5
v15.2.6
v15.2.7
v15.2.8
v15.2.9
v16.*
v16.0.0
v16.1.0
v16.2.0
v16.2.1
v16.2.10
v16.2.11
v16.2.12
v16.2.13
v16.2.14
v16.2.15
v16.2.2
v16.2.3
v16.2.4
v16.2.5
v16.2.6
v16.2.7
v16.2.8
v16.2.9
v17.*
v17.0.0
v17.1.0
v17.2.0
v17.2.1
v17.2.2
v17.2.3
v17.2.4
v17.2.5
v17.2.6
v17.2.7
v17.2.8
v17.2.9
v18.*
v18.0.0
v18.1.0
v18.1.1
v18.1.2
v18.1.3
v18.2.0
v18.2.1
v18.2.2
v18.2.4
v18.2.5
v18.2.6
v18.2.7
v18.2.8
v19.*
v19.0.0
v19.1.0
v19.1.1
v19.2.0
v19.2.1
v19.2.2
v19.2.3
v19.3.0
v20.*
v20.0.0
v20.1.0
v20.1.1
v20.2.0
v20.3.0
v21.*
v21.0.0
v9.*
v9.0.0
v9.0.1
v9.0.2
v9.0.3
v9.1.0
v9.2.0
v9.2.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3509.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "4.0"
            }
        ]
    }
]