Lucene search

[email protected]NVD:CVE-2023-26141

HistorySep 14, 2023 - 5:15 a.m.

CVE-2023-26141

2023-09-1405:15:11

CWE-345

CWE-400

[email protected]

web.nvd.nist.gov

denial of service

sidekiq

insufficient checks

localstorage

polling requests

vulnerability

dashboard-charts.js

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

41.9%

JSON

Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.

Affected configurations

Nvd

Node

contribsyssidekiqRange<6.5.10

contribsyssidekiqRange7.0–7.1.3

VendorProductVersionCPE
contribsyssidekiq*cpe:2.3:a:contribsys:sidekiq:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
contribsys	sidekiq	*	cpe:2.3:a:contribsys:sidekiq::::::::

References

gist.github.com/keeganparr1/1dffd3c017339b7ed5371ed3d81e6b2a

github.com/sidekiq/sidekiq/blob/6-x/web/assets/javascripts/dashboard.js%23L6

github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89

security.snyk.io/vuln/SNYK-RUBY-SIDEKIQ-5885107

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

41.9%

JSON

Related for NVD:CVE-2023-26141

veracode1 cve1 prion1 rubygems1 ubuntucve1 osv2 debiancve1 redhatcve1 cvelist1 github1 redhat1 nessus1