Severity |
|
Remote |
|
Type |
- |
Unknown |
+ |
Cross-site scripting |
|
Description |
+ |
A security issue was found in Ceph versions prior to 15.2.9. The JWT token used by the Ceph dashboard to authorise against the API was stored in the browser's local storage, making it vulnerable to cross-site scripting attacks. Ceph version 15.2.9 mitigates this issue by using secure cookies for storage instead. |
|
References |
+ |
https://tracker.ceph.com/issues/44591 |
+ |
https://github.com/ceph/ceph/pull/38259 |
+ |
https://github.com/ceph/ceph/pull/39120 |
+ |
https://github.com/ceph/ceph/commit/67edff73234732e69b145d5270d744c3fb8168ab |
|