CVE-2022-23837

Published: 21/01/2022 Updated: 13/03/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

In api.rb in Sidekiq prior to 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.

Vulnerable Product	Search on Vulmon	Subscribe to Product
contribsys sidekiq
debian debian linux 9.0

Synopsis Moderate: Satellite 611 Release Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat Satellite 611 Description Red Hat Satellite is a systems management tool for Linux-basedin ...

Debian Bug report logs - #1004193 ruby-sidekiq: CVE-2022-23837 Package: src:ruby-sidekiq; Maintainer for src:ruby-sidekiq is Debian Ruby Team <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 22 Jan 2022 15:24:01 UTC Severity: important Tags: secur ...

In apirb in Sidekiq before 640, there is no limit on the number of days when requesting stats for the graph This overloads the system, affecting the Web UI, and makes it unavailable to users ...

CWE-770 https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956 https://github.com/TUTUMSPACE/exploits/blob/main/sidekiq.md https://github.com/rubysec/ruby-advisory-db/pull/495 https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html https://lists.debian.org/debian-lts-announce/2023/03/msg00011.html https://access.redhat.com/errata/RHSA-2022:5498 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2022-23837

CVE-2022-23837

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect