Vulnerability CVE-2021-3509

Vulnerability Name:

CVE-2021-3509 (CCN-202005)

Assigned:

2021-05-14

Published:

2021-05-14

Updated:

2022-04-25

Summary:

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.

CVSS v3 Severity:

6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

6.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-79

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2021-3509

Source: MISC
Type: Issue Tracking, Patch, Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1950116

Source: XF
Type: UNKNOWN
ceph-cve20213509-xss(202005)

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/ceph/ceph/blob/f1557e8f62d31883d3d34ae241a1a26af11d923f/src/pybind/mgr/dashboard/controllers/docs.py#L394-L409

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/ceph/ceph/commit/7a1ca8d372da3b6a4fc3d221a0e5f72d1d61c27b

Source: CCN
Type: Ceph GIT Repository
mgr/dashboard: fix cookie injection issue

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/ceph/ceph/commit/adda853e64bdba1288d46bc7d462d23d8f2f10ca

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/ceph/ceph/commit/af3fffab3b0f13057134d96e5d481e400d8bfd27

Source: CCN
Type: oss-sec Mailing List, Fri, 14 May 2021 14:55:13 -0400
CVE-2021-3509: Ceph: Cross Site Scripting via token Cookie

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-3509

Vulnerable Configuration:

Configuration 1:

cpe:/a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ceph:ceph:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7460	P	ceph-common-16.2.11.58+g38d6afd3b78-150400.3.6.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:711	P	Security update for python-lxml (Important)	2022-08-26
oval:org.opensuse.security:def:95260	P	Security update for pcre2 (Important)	2022-07-12
oval:org.opensuse.security:def:95261	P	Security update for pcre (Important)	2022-07-12
oval:org.opensuse.security:def:3425	P	alsa-1.0.27.2-15.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3612	P	libjavascriptcoregtk-3_0-0-2.4.11-23.20 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94537	P	dhcp-4.3.6.P1-6.11.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2886	P	ceph-common-16.2.7.654+gd5a90ff46f0-150400.1.4 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94516	P	ceph-common-16.2.7.654+gd5a90ff46f0-150400.1.4 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:6032	P	Security update for clamav (Important)	2022-05-12
oval:org.opensuse.security:def:101974	P	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3) (Important)	2022-04-25
oval:org.opensuse.security:def:101973	P	Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP3) (Important)	2022-04-24
oval:org.opensuse.security:def:99462	P	(Important)	2022-03-29
oval:org.opensuse.security:def:6031	P	Security update for zsh (Important)	2022-01-24
oval:org.opensuse.security:def:112052	P	ceph-16.2.6.45+g8fda9838398-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:105604	P	ceph-16.2.6.45+g8fda9838398-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:97017	P	libsaml-devel-2.6.1-1.31 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:97018	P	libshibsp-lite7-2.6.1-1.48 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:101250	P	blktrace-1.1.0+git.20170126-3.3.28 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:99661	P	(Moderate)	2021-07-20
oval:org.opensuse.security:def:111560	P	Security update for ceph (Important)	2021-07-10
oval:org.opensuse.security:def:99969	P	(Important)	2021-06-28
oval:org.opensuse.security:def:111418	P	Security update for ceph (Important)	2021-06-03
oval:org.opensuse.security:def:73823	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:98876	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:108639	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:92711	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:69653	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:76189	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:9712	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:5712	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:92121	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:66802	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:117431	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:75869	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:8765	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:99071	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:108640	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:92910	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:69852	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:64514	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:10263	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:5713	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:92313	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:67120	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:75870	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:103017	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:8960	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:99263	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:93063	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:70403	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:64701	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:42080	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:73636	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:107916	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:92512	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:67121	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:76188	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:101442	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:9513	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:93216	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:91926	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:66801	P	Security update for ceph (Important)	2021-06-02

BACK