idekiq-unique-jobs is an open source project which prevents simultaneous Sidekiq jobs with the same unique arguments to run. Specially crafted GET request parameters handled by any of the following endpoints of sidekiq-unique-jobs' "admin" web UI, allow a super-user attacker, or an unwitting, but authorized, victim, who has received a disguised / crafted link, to successfully execute malicious code, which could potentially steal cookies, session data, or local storage data from the app the sidekiq-unique-jobs web UI is mounted in. 1. `/changelogs`, 2. `/locks` or 3. `/expiring_locks`. This issue has been addressed in versions 7.1.33 and 8.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Configuration 1 (hide)
|
21 Nov 2024, 09:00
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.1 |
| References | () https://github.com/mhenrixon/sidekiq-unique-jobs/commit/ec3afd920c1b55843c72f748a87baac7f8be82ed - Patch | |
| References | () https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38 - Exploit, Third Party Advisory |
11 Oct 2024, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Mhenrixon
Mhenrixon sidekiq-unique-jobs |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
| CPE | cpe:2.3:a:mhenrixon:sidekiq-unique-jobs:*:*:*:*:*:*:*:* | |
| References | () https://github.com/mhenrixon/sidekiq-unique-jobs/commit/ec3afd920c1b55843c72f748a87baac7f8be82ed - Patch | |
| References | () https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38 - Exploit, Third Party Advisory |
Published : 2024-02-13 19:15
Updated : 2024-11-21 09:00
NVD link : CVE-2024-25122
Mitre link : CVE-2024-25122
CVE.ORG link : CVE-2024-25122
JSON object : View
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')