DEBIAN-CVE-2021-3509
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 27 May 2021, 00:15
Last modified:28 Apr 2026, 20:22
Vulnerability Summary
Overall Risk (default)
low
24/100 CVSS Score
6.1 MEDIUM
3.1 (osv_debian)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
27 May 2021, 00:15
Published
Vulnerability first disclosed
28 Apr 2026, 20:22
Last Modified
Vulnerability information updated
Description
A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.
CVSS Metrics
- v3.1•MEDIUM•Score: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Systems
- debian•ceph
< 14.2.21-1 | < 14.2.21-1 | < 14.2.21-1 | < 14.2.21-1