From: Sage Weil Date: Thu, 13 May 2021 20:20:48 +0000 (-0500) Subject: doc/security: summarize CVEs X-Git-Tag: v17.1.0~1973^2~2 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=6edb1e9cf9faa372699959106afbc5709523964d;p=ceph-ci.git doc/security: summarize CVEs Signed-off-by: Sage Weil --- diff --git a/doc/security/CVE-2021-3509.rst b/doc/security/CVE-2021-3509.rst new file mode 100644 index 00000000000..7e865e9b247 --- /dev/null +++ b/doc/security/CVE-2021-3509.rst @@ -0,0 +1,28 @@ +.. _CVE-2021-3509: + +CVE-2021-3509: Dashboard XSS via token cookie +============================================= + +* `NIST information page `_ + +The Ceph Dashboard was vulnerable to an XSS attack that could expose the authentication +cookie to other sites. + + +Affected versions +----------------- + +* Octopus v15.2.0 and later + +Fixed versions +-------------- + +* Pacific v16.2.4 (and later) +* Octopus v15.2.12 (and later) +* Nautilus v14.2.21 (and later) + + +Recommendations +--------------- + +All users of the Ceph dashboard should upgrade. diff --git a/doc/security/CVE-2021-3524.rst b/doc/security/CVE-2021-3524.rst new file mode 100644 index 00000000000..4d627c07176 --- /dev/null +++ b/doc/security/CVE-2021-3524.rst @@ -0,0 +1,30 @@ +.. _CVE-2021-3524: + +CVE-2021-3524: HTTP header injects via CORS in RGW +================================================== + +* `NIST information page `_ + +A flaw was found in the radosgw. The vulnerability is related to the +injection of HTTP headers via a CORS ExposeHeader tag. The \r +character in the ExposeHeader tag in the CORS configuration file +generates a header injection in the response when the CORS request is +made. + +Fixed versions +-------------- + +* Pacific v16.2.4 (and later) +* Octopus v15.2.12 (and later) +* Nautilus v14.2.21 (and later) + +Recommendations +--------------- + +All users of Ceph object storage (RGW) should upgrade. + +Acknowledgements +---------------- + +Red Hat would like to thank Sergey Bobrov (Kaspersky) for reporting this issue. + diff --git a/doc/security/CVE-2021-3531.rst b/doc/security/CVE-2021-3531.rst new file mode 100644 index 00000000000..907cb476405 --- /dev/null +++ b/doc/security/CVE-2021-3531.rst @@ -0,0 +1,28 @@ +.. _CVE-2021-3531: + +CVE-2021-3531: Swift API denial of service +========================================== + +* `NIST information page `_ + +Unauthenticated users of the Swift API can trigger a server-side assertion with a +malformed URL, leading to a denial of service. + + +Affected versions +----------------- + +* Nautilus v14.2.0 and later + +Fixed versions +-------------- + +* Pacific v16.2.4 (and later) +* Octopus v15.2.12 (and later) +* Nautilus v14.2.21 (and later) + + +Recommendations +--------------- + +All users of Ceph object storage (RGW) should upgrade. diff --git a/doc/security/cves.rst b/doc/security/cves.rst index 3c4e864b817..4e8b6a23329 100644 --- a/doc/security/cves.rst +++ b/doc/security/cves.rst @@ -5,6 +5,12 @@ Past vulnerabilities +------------+-------------------+-------------+--------------------------------------------+ | Published | CVE | Severity | Summary | +------------+-------------------+-------------+--------------------------------------------+ +| 2021-05-13 | `CVE-2021-3531`_ | Medium | Swift API denial of service | ++------------+-------------------+-------------+--------------------------------------------+ +| 2021-05-13 | `CVE-2021-3524`_ | Medium | HTTP header injects via CORS in RGW | ++------------+-------------------+-------------+--------------------------------------------+ +| 2021-05-13 | `CVE-2021-3509`_ | High | Dashboard XSS via token cookie | ++------------+-------------------+-------------+--------------------------------------------+ | 2021-04-14 | `CVE-2021-20288`_ | High | Unauthorized global_id reuse in cephx | +------------+-------------------+-------------+--------------------------------------------+ | 2020-12-18 | `CVE-2020-27781`_ | 7.1 High | CephFS creds read/modified by Manila users | @@ -66,8 +72,14 @@ Past vulnerabilities :hidden: :maxdepth: 0 + CVE-2021-3531 + CVE-2021-3524 + CVE-2021-3509 CVE-2021-20288 +.. _CVE-2021-3531: ../CVE-2021-3531 +.. _CVE-2021-3524: ../CVE-2021-3524 +.. _CVE-2021-3509: ../CVE-2021-3509 .. _CVE-2021-20288: ../CVE-2021-20288 .. _CVE-2020-27781: https://nvd.nist.gov/vuln/detail/CVE-2020-27781 .. _CVE-2020-25678: https://nvd.nist.gov/vuln/detail/CVE-2020-25678