CVE-2023-1892

2023-04-2105:15:07

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-1892

xss

github

repository

sidekiq

nvd

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.4%

JSON

Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8.

Affected configurations

NVD

Node

contribsyssidekiqRange7.0.4–7.0.8

CPENameOperatorVersion
contribsys:sidekiqcontribsys sidekiqlt7.0.8

CPE	Name	Operator	Version
contribsys:sidekiq	contribsys sidekiq	lt	7.0.8

CNA Affected

[
  {
    "vendor": "sidekiq",
    "product": "sidekiq/sidekiq",
    "versions": [
      {
        "version": "7.0.4",
        "status": "affected",
        "lessThan": "unspecified",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThan": "7.0.8",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]