CVE-2023-26141

2023-09-1405:15:11

Debian Security Bug Tracker

security-tracker.debian.org

sidekiq

denial of service

dashboard-charts.js

localstorage

polling requests

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P

EPSS

0.001

Percentile

41.9%

JSON

Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.

OSVersionArchitecturePackageVersionFilename
Debian12allruby-sidekiq<= 6.4.1+dfsg-1ruby-sidekiq_6.4.1+dfsg-1_all.deb
Debian11allruby-sidekiq<= 6.0.4+dfsg-2ruby-sidekiq_6.0.4+dfsg-2_all.deb
Debian999allruby-sidekiq< 7.2.1+dfsg-2ruby-sidekiq_7.2.1+dfsg-2_all.deb
Debian13allruby-sidekiq< 7.2.1+dfsg-2ruby-sidekiq_7.2.1+dfsg-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	ruby-sidekiq	<= 6.4.1+dfsg-1	ruby-sidekiq_6.4.1+dfsg-1_all.deb
Debian	11	all	ruby-sidekiq	<= 6.0.4+dfsg-2	ruby-sidekiq_6.0.4+dfsg-2_all.deb
Debian	999	all	ruby-sidekiq	< 7.2.1+dfsg-2	ruby-sidekiq_7.2.1+dfsg-2_all.deb
Debian	13	all	ruby-sidekiq	< 7.2.1+dfsg-2	ruby-sidekiq_7.2.1+dfsg-2_all.deb