Lucene search

Veracode Vulnerability DatabaseVERACODE:43320

HistorySep 20, 2023 - 8:31 a.m.

Denial Of Service

2023-09-2008:31:53

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of service

sidekiq

localstorage vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P

0.001 Low

EPSS

Percentile

26.3%

JSON

sidekiq is vulnerable to Denial Of Service. The vulnerability is due to insufficient localStorage checks in the dashboard-charts.js file. The attacker can exploit this issue by manipulating the localeStorage.sidekiqTimeInterval which leads to Denial of Service.

CPENameOperatorVersion
sidekiqle7.1.2
sidekiqle6.5.9
sidekiqle7.1.2
sidekiqle6.5.9

Name	Operator	Version
sidekiq	le	7.1.2
sidekiq	le	6.5.9
sidekiq	le	7.1.2
sidekiq	le	6.5.9

References

gist.github.com/keeganparr1/1dffd3c017339b7ed5371ed3d81e6b2a

github.com/advisories/GHSA-3qc2-v3hp-6cv8

github.com/sidekiq/sidekiq/blob/6-x/web/assets/javascripts/dashboard.js%23L6

github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P

0.001 Low

EPSS

Percentile

26.3%

JSON

Related for VERACODE:43320