A security issue was found in Ceph in versions prior to 15.2.9. The JWT token used by the Ceph dashboard to authorise against the API was stored in the browser's local storage, where it was exposed to cross-site scripting attacks. Ceph version 15.2.9 mitigates this issue by storing the token in secure cookies instead.
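To check how a login response hands the token to the browser, the following added example (not code from Ceph or from the linked pull requests) audits `Set-Cookie` headers for a JWT-shaped value and the attributes that keep it away from page scripts. The cookie name `token`, the sample JWT and the header values are constructed, and the SameSite check is a general hardening check that goes beyond what the advisory states.

```javascript
// Added example: audit how a login response hands the dashboard JWT to the browser.
// All header values are constructed samples, not captured from a Ceph cluster.

// A JWT is three base64url segments separated by dots.
const JWT_RE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const part of rest.filter(Boolean)) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  // A pair without '=' is treated as a nameless cookie.
  return { name: eq === -1 ? '' : pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Return a list of findings for the Set-Cookie headers of a login response.
function auditTokenCookies(setCookieHeaders) {
  const tokens = setCookieHeaders.map(parseSetCookie).filter((c) => JWT_RE.test(c.value));
  if (tokens.length === 0) {
    // Pre-fix pattern: the token only reaches the page through script-managed storage.
    return ['no JWT cookie: token must be held in script-readable storage'];
  }
  const findings = [];
  for (const c of tokens) {
    if (!c.attrs.httponly) findings.push(`${c.name}: missing HttpOnly, readable via document.cookie`);
    if (!c.attrs.secure) findings.push(`${c.name}: missing Secure, sent over plain HTTP`);
    const sameSite = String(c.attrs.samesite || '').toLowerCase();
    if (sameSite !== 'strict' && sameSite !== 'lax') {
      findings.push(`${c.name}: SameSite not Strict/Lax, cookie rides cross-site requests`);
    }
  }
  return findings;
}

const SAMPLE_JWT = 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbiJ9.c2lnbmF0dXJl'; // constructed
const hardened = [`token=${SAMPLE_JWT}; HttpOnly; Secure; SameSite=Strict; Path=/`];
const weak = [`token=${SAMPLE_JWT}; Path=/`, 'lang=en-US; Path=/'];

console.log(auditTokenCookies(hardened));
console.log(auditTokenCookies(weak));
console.log(auditTokenCookies(['lang=en-US; Path=/']));
```

Feed it the `Set-Cookie` values from a dashboard login response captured in a test environment; an empty result means the token cookie carries all three attributes.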
https://tracker.ceph.com/issues/44591
https://github.com/ceph/ceph/pull/38259
https://github.com/ceph/ceph/pull/39120
https://github.com/ceph/ceph/commit/67edff73234732e69b145d5270d744c3fb8168ab