Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
Severity: 9.6 CRITICAL (NVD)
EPSS: 79.6% (top 0.91%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Apr 21
Latest update: Feb 13

Description

Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 6.0

Affected Packages (5 packages)

Source     | Package                        | Affected from | Fixed in
NVD        | contribsys/sidekiq             | 7.0.4         | 7.0.8
RubyGems   | contribsys/sidekiq             | 7.0.4         | 7.0.8
CVEListV5  | sidekiq/sidekiq_sidekiq        | 7.0.4         | unspecified (+1)
RubyGems   | mhenrixon/sidekiq-unique-jobs  | 8.0.0         | 8.0.7 (+1)

Patches

🔴 Vulnerability Details (5)

GHSA: XSS sidekiq-unique-jobs UI server vulnerability (2024-02-13)
OSV: XSS sidekiq-unique-jobs UI server vulnerability (2024-02-13)
GHSA: sidekiq vulnerable to cross-site scripting (2023-04-21)
OSV: sidekiq vulnerable to cross-site scripting (2023-04-21)
OSV: CVE-2023-1892: Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7 (2023-04-21)

💥 Exploits & PoCs (1)

Nuclei: Sidekiq < 7.0.8 - Cross-Site Scripting

📋 Vendor Advisories (2)

Red Hat: sidekiq: Reflected XSS on Sidekiq through multiple endpoints via GET parameter "period" in sidekiq/sidekiq (2023-04-21)
Debian: CVE-2023-1892: ruby-sidekiq - Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prio... (2023)

💬 Community (1)

Bugzilla: CVE-2023-3268 kernel: out-of-bounds access in relay_file_read (2023-06-16)