Lucene search

[email protected]NVD:CVE-2023-46951

HistoryMar 01, 2024 - 2:15 p.m.

CVE-2023-46951

2024-03-0114:15:53

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-46951

cross site scripting

contribsys sidekiq

remote attacker

sensitive information

crafted payload

uniquejobs function

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.7

Confidence

High

EPSS

Percentile

10.9%

JSON

Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted payload to the uniquejobs function.

References

github.com/mhenrixon/sidekiq-unique-jobs/pull/829

github.com/mhenrixon/sidekiq-unique-jobs/releases/tag/v8.0.7

github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38

link.org

www.link.com

www.mgm-sp.com/cve/sidekiq-unique-jobs-reflected-xss-cve-2023-46950-cve-2023-46951

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.7

Confidence

High

EPSS

Percentile

10.9%

JSON

Related for NVD:CVE-2023-46951

veracode1 cve1 prion1 cvelist1 vulnrichment1