Ceph Dashboard
Approved changes feed: RSS · Atom
cpe:2.3:a:n/a:ceph-dashboard:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Ceph Dashboard (1263da76-e23f-51b3-81dc-6df84015092b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-3509 |
vulnerable | 2026-06-08 05:33:52.522196 |
Details available
A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.
Published: 2021-05-26T23:56:39.000Z
Updated: 2024-08-03T16:53:17.842Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-27839 |
vulnerable | 2026-06-08 05:23:53.305415 |
Details available
A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
Published: 2021-05-26T21:25:44.000Z
Updated: 2024-08-04T16:25:43.403Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.