PT-2021-5810 · Red Hat+5 · Red Hat Ceph Storage+5

Pedro Sampaio

·

Published

2021-04-15

·

Updated

2022-04-25

·

CVE-2021-3509

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Red Hat Ceph Storage version 4
Description A flaw was found in the Dashboard component of Red Hat Ceph Storage, where the JWT token was moved from localStorage to an httpOnly cookie in response to a previous issue. However, the token cookies are used in the body of the HTTP response for documentation, making it available to XSS attacks. The greatest threat to the system is for confidentiality, integrity, and availability. Exploitation of this issue may allow a remote attacker to impact data integrity.
Recommendations For Red Hat Ceph Storage version 4, consider disabling the use of token cookies in the HTTP response body for documentation as a temporary workaround until a patch is available. Restrict access to the Dashboard component to minimize the risk of exploitation. Avoid using the token cookie in the affected HTTP response until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALT-PU-2021-1819
ALT-PU-2021-1830
ALT-PU-2021-2332
BDU:2022-00286
CVE-2021-3509
OPENSUSE-SU-2021:0833-1
OPENSUSE-SU-2021:1834-1
OPENSUSE-SU-2021_0833-1
OPENSUSE-SU-2021_1834-1
OPENSUSE-SU-2024:10676-1
RHSA-2021:2445
SUSE-SU-2021:1834-1
SUSE-SU-2021:1835-1
SUSE-SU-2021_1834-1
SUSE-SU-2021_1835-1
USN-4998-1
USN-5128-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Red Hat Ceph Storage
Suse
Ubuntu