UBUNTU-CVE-2021-3509
- Source
- https://ubuntu.com/security/CVE-2021-3509
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-3509.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-3509
- Upstream
- Downstream
- Related
- Published
- 2021-05-27T00:15:00Z
- Modified
- 2025-09-08T16:46:44Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.
- References
Affected packages
Ubuntu:20.04:LTS / ceph
Package
- Name
- ceph
- Purl
- pkg:deb/ubuntu/ceph@15.2.12-0ubuntu0.20.04.1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed15.2.12-0ubuntu0.20.04.1
Affected versions
14.*
14.2.2-0ubuntu3
14.2.2-0ubuntu4
14.2.4-0ubuntu1
14.2.4-0ubuntu2
14.2.4-0ubuntu3
15.*
15.1.0-0ubuntu2
15.1.0-0ubuntu3
15.1.1-0ubuntu1
15.2.0-0ubuntu1
15.2.0-0ubuntu2
15.2.1-0ubuntu1
15.2.1-0ubuntu2
15.2.3-0ubuntu0.20.04.1
15.2.3-0ubuntu0.20.04.2
15.2.5-0ubuntu0.20.04.1
15.2.7-0ubuntu0.20.04.1
15.2.7-0ubuntu0.20.04.2
15.2.8-0ubuntu0.20.04.1
15.2.11-0ubuntu0.20.04.2
Ecosystem specific
{
"binaries": [
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "ceph"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "ceph-base"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "ceph-common"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "ceph-fuse"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "ceph-immutable-object-cache"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "ceph-mds"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "ceph-mgr"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "ceph-mgr-cephadm"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "ceph-mgr-dashboard"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "ceph-mgr-diskprediction-cloud"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "ceph-mgr-diskprediction-local"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "ceph-mgr-k8sevents"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "ceph-mgr-modules-core"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "ceph-mgr-rook"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "ceph-mon"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "ceph-osd"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "ceph-resource-agents"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "cephadm"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "cephfs-shell"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "libcephfs-dev"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "libcephfs-java"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "libcephfs-jni"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "libcephfs2"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "librados-dev"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "librados2"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "libradospp-dev"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "libradosstriper-dev"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "libradosstriper1"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "librbd-dev"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "librbd1"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "librgw-dev"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "librgw2"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "python3-ceph"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "python3-ceph-argparse"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "python3-ceph-common"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "python3-cephfs"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "python3-rados"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "python3-rbd"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "python3-rgw"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "rados-objclass-dev"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "radosgw"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "rbd-fuse"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "rbd-mirror"
},
{
"binary_version": "15.2.12-0ubuntu0.20.04.1",
"binary_name": "rbd-nbd"
}
],
"availability": "No subscription required"
}