]>
Commit | Line | Data |
---|---|---|
20effc67 TL |
1 | .. _CVE-2021-3509: |
2 | ||
3 | CVE-2021-3509: Dashboard XSS via token cookie | |
4 | ============================================= | |
5 | ||
6 | * `NIST information page <https://nvd.nist.gov/vuln/detail/CVE-2021-3509>`_ | |
7 | ||
8 | The Ceph Dashboard was vulnerable to an XSS attack that could expose the authentication | |
9 | cookie to other sites. | |
10 | ||
11 | ||
12 | Affected versions | |
13 | ----------------- | |
14 | ||
15 | * Octopus v15.2.0 and later | |
16 | ||
17 | Fixed versions | |
18 | -------------- | |
19 | ||
20 | * Pacific v16.2.4 (and later) | |
21 | * Octopus v15.2.12 (and later) | |
22 | * Nautilus v14.2.21 (and later) | |
23 | ||
24 | ||
25 | Recommendations | |
26 | --------------- | |
27 | ||
28 | All users of the Ceph dashboard should upgrade. |