CVE-2023-26141
Advisory lineage Upstream: 0 Downstream: 3
Modified
Published: 14 Sept 2023, 05:00
Last modified:25 Sept 2024, 18:16
Vulnerability Summary
Overall Risk (default)
medium
40/100 CVSS Score
7.5 HIGH
v3.1 (cve.org)
EPSS Score
0.45% LOW
0% probability +0.05%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected
Timeline
14 Sept 2023, 05:00
Published
Vulnerability first disclosed
25 Sept 2024, 18:16
Last Modified
Vulnerability information updated
Description
Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.
CVSS Metrics
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
- v3.1•MEDIUM•Score: 4.9CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
EPSS Trends
Current EPSS score: 0.45%• Percentile: 64%
Techniques & Countermeasures
- CWE-400•Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
- CWE-345•Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Affected Systems
- contribsys•sidekiq
< 6.5.10 | ≥ 7.0, < 7.1.3