CVE 2021-3509
A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.
Related bugs and status
CVE-2021-3509 (Candidate) is related to these bugs:
Bug #1892448: ceph 15.2.3-0ubuntu0.20.04.2 collides with ceph-deploy 2.0.1-0ubuntu1
Bug #1914584: [SRU] radosgw-admin user create error message confusing if user with email already exists
Bug #1928645: [SRU] ceph 16.2.4
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1928645 | [SRU] ceph 16.2.4 | ceph (Ubuntu) | High | Fix Released | ||
| 1928645 | [SRU] ceph 16.2.4 | ceph (Ubuntu Impish) | High | Fix Released | ||
| 1928645 | [SRU] ceph 16.2.4 | ceph (Ubuntu Hirsute) | High | Fix Released | ||
| 1928645 | [SRU] ceph 16.2.4 | Ubuntu Cloud Archive | High | Fix Released | ||
| 1928645 | [SRU] ceph 16.2.4 | Ubuntu Cloud Archive wallaby | High | Fix Released | ||
| 1928645 | [SRU] ceph 16.2.4 | Ubuntu Cloud Archive xena | High | Fix Released | ||
Bug #1929179: [SRU] ceph 15.2.12
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1929179 | [SRU] ceph 15.2.12 | ceph (Ubuntu) | Undecided | Invalid | ||
| 1929179 | [SRU] ceph 15.2.12 | ceph (Ubuntu Groovy) | High | Fix Released | ||
| 1929179 | [SRU] ceph 15.2.12 | ceph (Ubuntu Focal) | High | Fix Released | ||
| 1929179 | [SRU] ceph 15.2.12 | Ubuntu Cloud Archive | Undecided | Invalid | ||
| 1929179 | [SRU] ceph 15.2.12 | Ubuntu Cloud Archive ussuri | High | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
