[ceph.git] / ceph / doc / security / CVE-2021-3509.rst

.. _CVE-2021-3509:

CVE-2021-3509: Dashboard XSS via token cookie
=============================================

* `NIST information page <https://nvd.nist.gov/vuln/detail/CVE-2021-3509>`_

The Ceph Dashboard was vulnerable to an XSS attack that could expose the authentication
cookie to other sites.


Affected versions
-----------------

* Octopus v15.2.0 and later

Fixed versions
--------------

* Pacific v16.2.4 (and later)
* Octopus v15.2.12 (and later)
* Nautilus v14.2.21 (and later)


Recommendations
---------------

All users of the Ceph dashboard should upgrade.
Commit	Line	Data
20effc67 TL	1	.. _CVE-2021-3509:
	2
	3	CVE-2021-3509: Dashboard XSS via token cookie
	4	=============================================
	5
	6	* `NIST information page <https://nvd.nist.gov/vuln/detail/CVE-2021-3509>`_
	7
	8	The Ceph Dashboard was vulnerable to an XSS attack that could expose the authentication
	9	cookie to other sites.
	10
	11
	12	Affected versions
	13	-----------------
	14
	15	* Octopus v15.2.0 and later
	16
	17	Fixed versions
	18	--------------
	19
	20	* Pacific v16.2.4 (and later)
	21	* Octopus v15.2.12 (and later)
	22	* Nautilus v14.2.21 (and later)
	23
	24
	25	Recommendations
	26	---------------
	27
	28	All users of the Ceph dashboard should upgrade.