Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2021-3509  

A security issue was found in ceph before version 15.2.12. In order to make the JWT token inaccessible through cross-site scripting (XSS), it was moved from localStorage to httpOnly Cookie (CVE-2020-27839). But token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.

Source
Severity Medium

Remote Yes

Type Cross-site scripting

Description 

A security issue was found in ceph before version 15.2.12. In order to make the JWT token inaccessible through cross-site scripting (XSS), it was moved from localStorage to httpOnly Cookie (CVE-2020-27839). But token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.

AVG-1826 ceph 15.2.10-1 High Vulnerable FS#70450 

https://bugzilla.redhat.com/show_bug.cgi?id=1950116
https://github.com/ceph/ceph/commit/7a1ca8d372da3b6a4fc3d221a0e5f72d1d61c27b

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started