CVE-2023-26141 — Uncontrolled Resource Consumption in Sidekiq

CWE-400 — Uncontrolled Resource Consumption CWE-345 — Insufficient Verification of Data Authenticity8 documents5 sources

Severity

4.9MEDIUMNVD

OSV7.5OSV5.3

EPSS

0.5%

top 32.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Contribsys Sidekiq Debian Ruby-sidekiq

Timeline

PublishedSep 14

Latest updateJun 17

Description

Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5contribsys/sidekiq< 7.1.3

▶NVDcontribsys/sidekiq7.0 — 7.1.3+1

▶RubyGemscontribsys/sidekiq7.0.0 — 7.1.3+1

▶debiandebian/ruby-sidekiq

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

ruby-rack vulnerabilities↗2024-06-17

▶

OSV

ruby-rack vulnerabilities↗2024-03-12

▶

GHSA

sidekiq Denial of Service vulnerability↗2023-09-14

▶

OSV

CVE-2023-26141: Versions of the package sidekiq before 7↗2023-09-14

▶

OSV

sidekiq Denial of Service vulnerability↗2023-09-14

▶

📋Vendor Advisories

Red Hat

sidekiq: DoS in dashboard-charts↗2023-09-14

▶

Debian

CVE-2023-26141: ruby-sidekiq - Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service...↗2023

▶