CVSS3: 6.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
AI Score: 6.1 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 26.8%)
resque-web in resque versions before 2.1.0 is vulnerable to reflected XSS through the current_queue parameter in the path of the queues endpoint.
Fixed in v2.1.0.
No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until you have patched your application.
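To confirm whether an application still resolves a resque release from before the fix, the locked version in Gemfile.lock can be compared against 2.1.0. The following is an added example, not code from the resque project; the helper names and the sample lockfile contents are constructed for illustration.

```ruby
require "rubygems" # provides Gem::Version

# First patched release, taken from the advisory text.
FIXED_VERSION = Gem::Version.new("2.1.0")

# Constructed sample Gemfile.lock content (not from a real project).
VULNERABLE_LOCK = <<LOCK
GEM
  remote: https://rubygems.org/
  specs:
    resque (2.0.0)
      mono_logger (~> 1.0)
    resque-scheduler (4.4.0)
      resque (>= 1.26)
LOCK
PATCHED_LOCK = VULNERABLE_LOCK.sub("resque (2.0.0)", "resque (2.1.0)")

# Resolved versions of gem_name in Gemfile.lock text. Resolved specs sit at
# exactly four spaces of indent ("    resque (2.0.0)"); six-space lines are
# dependency constraints of other gems and are skipped.
def locked_versions(lockfile_text, gem_name = "resque")
  pattern = /\A {4}#{Regexp.escape(gem_name)} \(([^)\s]+)\)\z/
  lockfile_text.each_line.map do |line|
    match = pattern.match(line.chomp)
    # Drop a platform suffix such as "-java" before comparing.
    match && Gem::Version.new(match[1].split("-").first)
  end.compact
end

# True when any locked resque version predates the fix.
def affected?(lockfile_text)
  locked_versions(lockfile_text).any? { |v| v < FIXED_VERSION }
end

if __FILE__ == $PROGRAM_NAME
  { "vulnerable sample" => VULNERABLE_LOCK, "patched sample" => PATCHED_LOCK }.each do |name, text|
    puts "#{name}: resque #{locked_versions(text).join(', ')} affected=#{affected?(text)}"
  end
end
```

Pass the contents of a real lockfile with `affected?(File.read("Gemfile.lock"))`; the check only reports the locked version and does not tell whether the resque-web interface is actually mounted or exposed.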
https://github.com/resque/resque/issues/1679
https://github.com/resque/resque/pull/1687
github.com/advisories/GHSA-r8xx-8vm8-x6wj
github.com/resque/resque/commit/e8e2367fff6990d13109ec2483a456a05fbf9811
github.com/resque/resque/issues/1679
github.com/resque/resque/pull/1687
github.com/resque/resque/security/advisories/GHSA-r8xx-8vm8-x6wj
github.com/rubysec/ruby-advisory-db/blob/master/gems/resque/CVE-2023-50724.yml
nvd.nist.gov/vuln/detail/CVE-2023-50724