CVE-2021-3509 log

Severity Medium
Remote Yes
Type Cross-site scripting
A security issue was found in ceph before version 15.2.12. In order to make the JWT token inaccessible through cross-site scripting (XSS), it was moved from localStorage to httpOnly Cookie (CVE-2020-27839). But token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.
Group Package Affected Fixed Severity Status Ticket
AVG-1826 ceph 15.2.10-1 15.2.12-1 High Fixed FS#70450
Date Advisory Group Package Severity Type
19 May 2021 ASA-202105-3 AVG-1826 ceph High multiple issues