Bug 1950116 (CVE-2021-3509)
Summary: | CVE-2021-3509 ceph-dashboard: Cross-site scripting via token Cookie | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | adeza, amctagga, anharris, bniver, branto, danmick, david, dbecker, epuertat, fedora, flucifre, gfidente, gmeno, hvyas, i, jdurgin, jjoyce, josef, jschluet, kkeithle, lhh, loic, lpeer, madam, mbenjamin, mburns, mhackett, mhicks, ocs-bugs, ramkrsna, sclewis, security-response-team, slinaber, sostapov, steve, sweil, vereddy |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | nautilus 14.2.20 , octopus 15.2.11 , pacific 16.2.3 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in the Red Hat Ceph Storage Dashboard. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS. The greatest threat to the system is for confidentiality, integrity, and availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-06-15 21:04:04 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1953091, 1960697, 1960759 | ||
Bug Blocks: | 1950121, 1951729 |
Description
Pedro Sampaio
2021-04-15 19:10:02 UTC
Statement: Red Hat OpenStack Platform deployments use the ceph package directly from the Ceph channel; the RHOSP package will not be updated at this time. Red Hat OpenShift Container Storage (RHOCS) 4 shipped ceph package for the usage of RHOCS 4.2 only which has reached End of Life. The shipped version of ceph package is neither used nor supported with the release of RHOCS 4.3. Red Hat Ceph Storage (RHCS) 4 ships a version of ceph which has not been patched for CVE-2020-27839, and therefore, although not vulnerable to this specific flaw, would be vulnerable if CVE-2020-27839 were to be patched without recognition of the flaw. Red Hat Enterprise Linux 8 is not affected by this flaw as it does not include the ceph dashboard component. Acknowledgments: Name: Sergey Bobrov (Kaspersky) Created ceph tracking bugs for this issue: Affects: fedora-all [bug 1960759] Patches: Nautilus: https://github.com/ceph/ceph/commit/adda853e64bdba1288d46bc7d462d23d8f2f10ca Octopus: https://github.com/ceph/ceph/commit/7a1ca8d372da3b6a4fc3d221a0e5f72d1d61c27b Pacific: https://github.com/ceph/ceph/commit/af3fffab3b0f13057134d96e5d481e400d8bfd27 This issue has been addressed in the following products: Red Hat Ceph Storage 4.2 Via RHSA-2021:2445 https://access.redhat.com/errata/RHSA-2021:2445 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3509 |