Lucene search
RubySecRUBY:SIDEKIQ-2024-32887HistoryApr 25, 2024 - 9:00 p.m.
Reflected XSS in Metrics Web Page
2024-04-2521:00:00
RubySec
github.com
5
reflected xss
metrics web page
sidekiq
http endpoint
substr query param
security vulnerability
CVSS3
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
AI Score
6.2
Confidence
High
Reflected XSS in Sidekiq Web UI via the /metrics HTTP end-point and the
substr query param:
https://{host}/sidekiq/metrics?substr=foot%22%3E%3Cscript%20src=%22{payload}%22%20/%3E
Affected configurations
Node
rubysidekiqRange≤7.2.4
Related
osv
osv
Sidekiq vulnerable to a Reflected XSS in Queues Web Page
2024-04-26 22:19:08
CVE-2024-32887
2024-04-26 21:15:49
cve
cve
CVE-2024-32887
2024-04-26 21:15:49
veracode
veracode
Cross-site Scripting (XSS)
2024-04-29 04:40:53
vulnrichment
vulnrichment
CVE-2024-32887 Reflected XSS in sidekiq
2024-04-26 21:02:42
debiancve
debiancve
CVE-2024-32887
2024-04-26 21:15:49
github
github
Sidekiq vulnerable to a Reflected XSS in Queues Web Page
2024-04-26 22:19:08
redhatcve
redhatcve
CVE-2024-32887
2024-04-29 07:15:24
nvd
nvd
CVE-2024-32887
2024-04-26 21:15:49
cvelist
cvelist
CVE-2024-32887 Reflected XSS in sidekiq
2024-04-26 21:02:42
ubuntucve
ubuntucve
CVE-2024-32887
2024-04-26 00:00:00
CVSS3
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
AI Score
6.2
Confidence
High
Related for RUBY:SIDEKIQ-2024-32887