A security issue was found in ceph in versions before 15.2.9. The JWT token used by the ceph dashboard for authorising against the API was stored inside the local storage of the browser, making it vulnerable to cross-site scripting attacks. Ceph version 15.2.9 mitigates this issue by using secure cookies for storage instead.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat ceph |