Bug 2044581 (CVE-2022-23837)
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | CVE-2022-23837 sidekiq: WebUI Denial of Service caused by number of days on graph | | |
| Product | [Other] Security Response | Reporter | Todd Cullum <tcullum> |
| Component | vulnerability | Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA | QA Contact | |
| Severity | medium | Docs Contact | |
| Priority | medium | | |
| Version | unspecified | CC | amackenz, amasferr, bbuckingham, bcourt, btotty, chazlett, drieden, ehelms, jsherril, lzap, mhulan, mkudlej, mmccune, myarboro, nmoumoul, orabin, pcreech, rchan, tjochec |
| Target Milestone | --- | Keywords | Security |
| Target Release | --- | | |
| Hardware | All | | |
| OS | Linux | | |
| Whiteboard | | | |
| Fixed In Version | sidekiq 6.4.0 | Doc Type | If docs needed, set a value |
| Doc Text | A denial of service vulnerability was found in the sidekiq job scheduler. The WebUI graph statistics endpoint accepted a days parameter with no upper limit, so an attacker could request statistics over an enormous number of days, overload the system and deny service to the WebUI. | | |
| Story Points | --- | | |
| Clone Of | | Environment | |
| Last Closed | 2022-07-05 20:42:13 UTC | Type | --- |
| Regression | --- | Mount Type | --- |
| Documentation | --- | CRM | |
| Verified Versions | | Category | --- |
| oVirt Team | --- | RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- | Target Upstream Version | |
| Embargoed | | | |
| Bug Depends On | 2047268 | | |
| Bug Blocks | 2044574 | | |
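As an added illustration of the weakness described in the Doc Text (constructed example code, not Sidekiq's own implementation and not part of this bug report), the following Ruby models a dashboard graph history lookup that fetches one per-day statistics key for every day requested; the `GraphHistory` class, its key format and the 180-day cap are assumptions chosen for the example.

```ruby
require "date"

# Constructed, simplified model of a dashboard graph history lookup.
# One per-day statistics key is built and fetched for every day requested,
# so the cost of a request grows linearly with the "days" query parameter.
# This is an illustration, not Sidekiq's own code.
class GraphHistory
  DEFAULT_DAYS = 30
  MAX_DAYS = 180 # assumed cap; pick a value matching what the graph can show

  # store: a Hash standing in for the Redis key space
  #        ("stat:processed:<YYYY-MM-DD>" => processed count)
  def initialize(store, today: Date.today)
    @store = store
    @today = today
  end

  # Vulnerable shape: the query-string value is used as-is, so a request
  # such as ?days=100000000 makes the server build and fetch that many keys.
  def processed_unbounded(days_param)
    fetch(days_for(days_param))
  end

  # Hardened shape: clamp the value into a sane range before doing any work,
  # so no single request can fan out beyond MAX_DAYS key lookups.
  def processed_clamped(days_param)
    days = days_for(days_param)
    days = 1 if days < 1
    days = MAX_DAYS if days > MAX_DAYS
    fetch(days)
  end

  # Keys for today and the (days - 1) preceding days, newest first.
  def keys_for(days)
    (0...days).map { |i| "stat:processed:#{(@today - i).strftime('%Y-%m-%d')}" }
  end

  private

  # Non-numeric input becomes 0 via to_i; the clamped path turns that into 1.
  def days_for(days_param)
    (days_param || DEFAULT_DAYS).to_i
  end

  def fetch(days)
    keys_for(days).map { |k| [k, @store.fetch(k, 0)] }.to_h
  end
end
```

With real Redis behind it, the unbounded path turns a single cheap HTTP request into a key list and a fetch whose size the client controls, which is the denial-of-service condition the advisory describes.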
Description
Todd Cullum, 2022-01-24 19:09:35 UTC

This issue has been addressed in the following products:

  Red Hat Satellite 6.11 for RHEL 7
  Red Hat Satellite 6.11 for RHEL 8

Via RHSA-2022:5498 https://access.redhat.com/errata/RHSA-2022:5498

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-23837