Lucene search

Redhat.comRH:CVE-2023-1892

HistoryApr 21, 2023 - 12:57 p.m.

CVE-2023-1892

2023-04-2112:57:23

redhat.com

access.redhat.com

cross-site scripting

vulnerability

sidekiq

get parameter

code execution

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.7%

JSON

A reflected Cross-site Scripting (XSS) vulnerability was found in sidekiq. This issue may allow code to be executed via multiples endpoints in the GET parameter “period”.

References

bugzilla.redhat.com/show_bug.cgi?id=2188630

github.com/sidekiq/sidekiq/commit/458fdf74176a9881478c48dc5cf0269107b22214

nvd.nist.gov/vuln/detail/CVE-2023-1892

www.cve.org/CVERecord?id=CVE-2023-1892

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.7%

JSON

Related for RH:CVE-2023-1892