Description
In api.rb in Sidekiq before 5.2.10 (5.x branch) and before 6.4.0 (6.x branch), there is no limit on the number of days when requesting stats for the dashboard graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.
A denial of service vulnerability was found in Sidekiq, a background job processor for Ruby. An attacker can request statistics for the graph and, since there was no limit on the days parameter, overload the system, affecting the Web UI. The impact is availability only; the fix is to upgrade to 5.2.10 / 6.4.0 or later, and in the meantime to restrict who can reach the Web UI.
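To make the failure mode concrete, the following Ruby is an added example, not Sidekiq's own code: it models the shape of the stats history lookup behind the dashboard graph with an in-memory hash standing in for Redis, and puts the unbounded version next to a bounded one. The sample stat values, the class names, the MAX_DAYS cap of 180 and the stats_for_request helper are all constructed for this illustration and are not taken from the project.

```ruby
require "date"

# Constructed sample data standing in for the per-day counters Sidekiq keeps
# in Redis under keys of the form "stat:processed:YYYY-MM-DD".
SAMPLE_STATS = {
  "stat:processed:2022-01-10" => 120,
  "stat:processed:2022-01-11" => 98,
  "stat:processed:2022-01-12" => 143
}.freeze

# Models the vulnerable shape: walk back N days from a start date, build one
# key per day, then fetch them all in a single round trip (MGET in Redis).
# The attacker-controlled value is days_previous, and nothing bounds it.
class VulnerableHistory
  def initialize(days_previous, start_date = Date.new(2022, 1, 12))
    @days_previous = days_previous   # 10**9 is accepted as readily as 30
    @start_date = start_date
  end

  # One key string and one Date object per requested day: the allocation
  # happens in the Ruby process before any store is consulted.
  def keys(stat)
    (0...@days_previous).map { |i| "stat:#{stat}:#{(@start_date - i).iso8601}" }
  end

  def processed(store = SAMPLE_STATS)
    keys("processed").each_with_object({}) do |key, out|
      out[key.split(":").last] = store.fetch(key, 0)
    end
  end
end

MAX_DAYS = 180 # assumed cap for this illustration, not the project's value

# Bounded variant: reject the request before any per-day work is done.
class HardenedHistory < VulnerableHistory
  def initialize(days_previous, start_date = Date.new(2022, 1, 12))
    unless days_previous.is_a?(Integer) && days_previous.between?(1, MAX_DAYS)
      raise ArgumentError, "days must be an integer in 1..#{MAX_DAYS}"
    end
    super
  end
end

# What a dashboard route does with ?days= taken from the query string.
# Integer() rejects non-numeric input; the range check lives in the history class.
def stats_for_request(params, history_class)
  days = Integer(params.fetch("days", "30"))
  history_class.new(days).processed
end

if $PROGRAM_NAME == __FILE__
  p stats_for_request({ "days" => "3" }, VulnerableHistory)
  begin
    stats_for_request({ "days" => "1000000000" }, HardenedHistory)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The useful check when auditing similar code is whether the size of the work is proportional to a request parameter and where the first bound on that parameter is enforced: in the unbounded class the key array alone grows linearly with days, so the process is already busy before the store ever answers.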
Affected packages
| Platform | Package | Status | Advisory | Release date |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | rubygem-sidekiq | Will not fix | | |
| Red Hat Satellite 6.11 for RHEL 7 | tfm-rubygem-sidekiq | Fixed | RHSA-2022:5498 | 2022-07-05 |
| Red Hat Satellite 6.11 for RHEL 8 | rubygem-sidekiq | Fixed | RHSA-2022:5498 | 2022-07-05 |
Additional information
Status:
CVSS3: 7.5 High