2239010 – (CVE-2023-26141) CVE-2023-26141 sidekiq: DoS in dashboard-charts

Bug 2239010 (CVE-2023-26141) - CVE-2023-26141 sidekiq: DoS in dashboard-charts

Summary: CVE-2023-26141 sidekiq: DoS in dashboard-charts

Keywords:
Status:	NEW
Alias:	CVE-2023-26141
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2239011
Blocks:	2239009
TreeView+	depends on / blocked

Reported:	2023-09-14 19:03 UTC by Chess Hazlett
Modified:	2023-11-13 17:50 UTC (History)
CC List:	14 users (show)
Fixed In Version:	sidekiq 7.1.3
Doc Type:	If docs needed, set a value
Doc Text:	A denial of service vulnerability was found in Sidekiq. This flaw allows an attacker to manipulate the localStorage value in the dashboard-charts.js file and cause excessive polling requests.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Chess Hazlett 2023-09-14 19:03:13 UTC

Versions of the ruby package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.

Note You need to log in before you can comment on or make changes to this bug.