.. _CVE-2021-3509:

CVE-2021-3509: Dashboard XSS via token cookie
=============================================

  • `NIST information page <https://nvd.nist.gov/vuln/detail/CVE-2021-3509>`_

The Ceph Dashboard was vulnerable to an XSS attack that could expose the authentication cookie to other sites.

Affected versions
-----------------

  • Octopus v15.2.0 and later

Fixed versions
--------------

  • Pacific v16.2.4 (and later)
  • Octopus v15.2.12 (and later)
  • Nautilus v14.2.21 (and later)

Recommendations
---------------

All users of the Ceph dashboard should upgrade.