Vulnerability Details : CVE-2021-3509
A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2021-3509
- cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-3509
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 47 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-3509
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST | |
6.1
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
2.8
|
2.7
|
NIST |
CWE ids for CVE-2021-3509
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: secalert@redhat.com (Primary)
References for CVE-2021-3509
-
https://github.com/ceph/ceph/commit/af3fffab3b0f13057134d96e5d481e400d8bfd27
mgr/dashboard: fix cookie injection issue · ceph/ceph@af3fffa · GitHubPatch;Third Party Advisory
-
https://github.com/ceph/ceph/commit/7a1ca8d372da3b6a4fc3d221a0e5f72d1d61c27b
mgr/dashboard: fix cookie injection issue · ceph/ceph@7a1ca8d · GitHubPatch;Third Party Advisory
-
https://github.com/ceph/ceph/commit/adda853e64bdba1288d46bc7d462d23d8f2f10ca
mgr/dashboard: fix cookie injection issue · ceph/ceph@adda853 · GitHubPatch;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1950116
1950116 – (CVE-2021-3509) CVE-2021-3509 ceph-dashboard: Cross-site scripting via token CookieIssue Tracking;Patch;Vendor Advisory
-
https://github.com/ceph/ceph/blob/f1557e8f62d31883d3d34ae241a1a26af11d923f/src/pybind/mgr/dashboard/controllers/docs.py#L394-L409
ceph/docs.py at f1557e8f62d31883d3d34ae241a1a26af11d923f · ceph/ceph · GitHubExploit;Third Party Advisory
Jump to