PT-2022-16287 · Sidekiq+4

Sqbell · Published 2022-01-21 · Updated 2025-12-15

CVE-2022-23837

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Sidekiq versions prior to 5.2.10
Sidekiq versions prior to 6.4.0

Description
The issue arises from the lack of a limit on the number of days accepted when requesting stats for the dashboard graph in api.rb in Sidekiq. A request for an excessive number of days overloads the system, affecting the Web UI and making it unavailable to users.

Recommendations
For versions prior to 5.2.10, update to version 5.2.10 or later to resolve the issue. For versions prior to 6.4.0, update to version 6.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the api.rb file or limiting the number of days that can be requested for the graph to minimize the risk of exploitation.
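As an added defensive example of the "limit the number of days" workaround (this is not Sidekiq's own code or the project's fix), the following Rack-style middleware clamps the day-count query parameter before a dashboard request reaches the history code in api.rb. The parameter name "days", the 30-day cap and the sample request are assumptions.

```ruby
require "uri"
require "stringio"

# Hypothetical middleware: rejects or clamps an unbounded "days" value so the
# stats history lookup in api.rb is never asked for an excessive range.
class ClampStatsDays
  MAX_DAYS = 30      # assumed cap; tune to what the dashboard graph needs
  DEFAULT_DAYS = 7   # assumed default used when the value is missing or invalid

  def initialize(app, max_days: MAX_DAYS, log: $stderr)
    @app, @max, @log = app, max_days, log
  end

  # Sanitise the raw query value: non-numeric or non-positive -> default,
  # larger than the cap -> cap, otherwise the integer as given.
  def self.clamp(raw, max: MAX_DAYS, default: DEFAULT_DAYS)
    return default unless raw.is_a?(String) && raw.match?(/\A\d+\z/)
    n = raw.to_i
    return default if n < 1
    n > max ? max : n
  end

  def call(env)
    params = URI.decode_www_form(env["QUERY_STRING"].to_s)
    idx = params.index { |k, _| k == "days" }
    if idx
      original = params[idx][1]
      safe = self.class.clamp(original, max: @max)
      if safe.to_s != original
        # Log the clamp so an oversized request is visible to detection/IR.
        @log.puts "sidekiq-web: clamped days=#{original.inspect} to #{safe} " \
                  "from #{env['REMOTE_ADDR']}"
        params[idx][1] = safe.to_s
        env["QUERY_STRING"] = URI.encode_www_form(params)
      end
    end
    @app.call(env)
  end
end

# Constructed sample request (not a real capture): returns the query string the
# wrapped app actually receives after clamping.
def demo
  received = nil
  app = ->(env) { received = env["QUERY_STRING"]; [200, {}, ["ok"]] }
  mw = ClampStatsDays.new(app, log: StringIO.new)
  mw.call("QUERY_STRING" => "days=99999999", "REMOTE_ADDR" => "203.0.113.5")
  received
end
```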

Weakness Enumeration

Resource Exhaustion
Allocation of Resources Without Limits

Related Identifiers

CVE-2022-23837
DLA-2943-1
DLA-3360-1
DLA-4407-1
GHSA-JRFJ-98QG-QJGV
RHSA-2022:5498
RLSA-2022:5498
USN-7695-1

Affected Products

Debian
Linuxmint
Rocky Linux
Sidekiq
Ubuntu