CVE & CISA-KEV Catalog

CVE-2023-26141

HIGH
7.5
CVSS v3
NVD

Description

Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.

How to fix

Remediation Available
candlepinRocky
Fixed in:0:4.3.11-1.el8satRHSA-2024:0797
Fixed in:0:4.3.11-1.el8satRHSA-2024:0797
candlepinRed Hat / RHEL
Fixed in:0:4.3.11-1.el8satRHSA-2024:0797
Fixed in:0:4.3.11-1.el8satRHSA-2024:0797
candlepin-selinuxRed Hat / RHEL
Fixed in:0:4.3.11-1.el8satRHSA-2024:0797
candlepin-selinuxRocky
Fixed in:0:4.3.11-1.el8satRHSA-2024:0797
foremanRed Hat / RHEL
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foremanRocky
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-cliRocky
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-cliRed Hat / RHEL
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-debugRocky
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-debugRed Hat / RHEL
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-dynflow-sidekiqRed Hat / RHEL
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-dynflow-sidekiqRocky
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-ec2Rocky
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-ec2Red Hat / RHEL
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-installerRed Hat / RHEL
Fixed in:1:3.7.0.7-1.el8satRHSA-2024:0797
Fixed in:1:3.7.0.7-1.el8satRHSA-2024:0797
foreman-installerRocky
Fixed in:1:3.7.0.7-1.el8satRHSA-2024:0797
Fixed in:1:3.7.0.7-1.el8satRHSA-2024:0797
foreman-installer-katelloRed Hat / RHEL
Fixed in:1:3.7.0.7-1.el8satRHSA-2024:0797
foreman-installer-katelloRocky
Fixed in:1:3.7.0.7-1.el8satRHSA-2024:0797
foreman-journaldRocky
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-journaldRed Hat / RHEL
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-libvirtRocky
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-libvirtRed Hat / RHEL
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-openstackRed Hat / RHEL
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-openstackRocky
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-ovirtRocky
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-ovirtRed Hat / RHEL
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-postgresqlRed Hat / RHEL
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-postgresqlRocky
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-redisRed Hat / RHEL
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-redisRocky
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-serviceRed Hat / RHEL
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-serviceRocky
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-telemetryRocky
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-telemetryRed Hat / RHEL
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-vmwareRed Hat / RHEL
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
foreman-vmwareRocky
Fixed in:0:3.7.0.11-2.el8satRHSA-2024:0797
mosquittoRed Hat / RHEL
Fixed in:0:2.0.17-1.el8satRHSA-2024:0797
Fixed in:0:2.0.17-1.el8satRHSA-2024:0797
mosquittoRocky
Fixed in:0:2.0.17-1.el8satRHSA-2024:0797
Fixed in:0:2.0.17-1.el8satRHSA-2024:0797
mosquitto-debuginfoRocky
Fixed in:0:2.0.17-1.el8satRHSA-2024:0797
mosquitto-debuginfoRed Hat / RHEL
Fixed in:0:2.0.17-1.el8satRHSA-2024:0797
mosquitto-debugsourceRocky
Fixed in:0:2.0.17-1.el8satRHSA-2024:0797
mosquitto-debugsourceRed Hat / RHEL
Fixed in:0:2.0.17-1.el8satRHSA-2024:0797
puppet-agentRocky
Fixed in:0:7.27.0-1.el8satRHSA-2024:0797
Fixed in:0:7.27.0-1.el8satRHSA-2024:0797
puppet-agentRed Hat / RHEL
Fixed in:0:7.27.0-1.el8satRHSA-2024:0797
Fixed in:0:7.27.0-1.el8satRHSA-2024:0797
puppetserverRocky
Fixed in:0:7.14.0-1.el8satRHSA-2024:0797
Fixed in:0:7.14.0-1.el8satRHSA-2024:0797
puppetserverRed Hat / RHEL
Fixed in:0:7.14.0-1.el8satRHSA-2024:0797
Fixed in:0:7.14.0-1.el8satRHSA-2024:0797
python-pulp-containerRed Hat / RHEL
Fixed in:0:2.14.11-1.el8pcRHSA-2024:0797
python-pulp-containerRocky
Fixed in:0:2.14.11-1.el8pcRHSA-2024:0797
python39-pulp-containerRocky
Fixed in:0:2.14.11-1.el8pcRHSA-2024:0797
python39-pulp-containerRed Hat / RHEL
Fixed in:0:2.14.11-1.el8pcRHSA-2024:0797
rubygem-foreman_bootdiskRocky
Fixed in:0:21.2.1-1.el8satRHSA-2024:0797
Fixed in:0:21.2.1-1.el8satRHSA-2024:0797
rubygem-foreman_bootdiskRed Hat / RHEL
Fixed in:0:21.2.1-1.el8satRHSA-2024:0797
Fixed in:0:21.2.1-1.el8satRHSA-2024:0797
rubygem-google-protobufRed Hat / RHEL
Fixed in:0:3.24.3-1.el8satRHSA-2024:0797
Fixed in:0:3.24.3-1.el8satRHSA-2024:0797
rubygem-google-protobufRocky
Fixed in:0:3.24.3-1.el8satRHSA-2024:0797
Fixed in:0:3.24.3-1.el8satRHSA-2024:0797
rubygem-google-protobuf-debuginfoRed Hat / RHEL
Fixed in:0:3.24.3-1.el8satRHSA-2024:0797
rubygem-google-protobuf-debuginfoRocky
Fixed in:0:3.24.3-1.el8satRHSA-2024:0797
rubygem-google-protobuf-debugsourceRocky
Fixed in:0:3.24.3-1.el8satRHSA-2024:0797
rubygem-google-protobuf-debugsourceRed Hat / RHEL
Fixed in:0:3.24.3-1.el8satRHSA-2024:0797
rubygem-grpcRocky
Fixed in:0:1.58.0-1.el8satRHSA-2024:0797
Fixed in:0:1.58.0-1.el8satRHSA-2024:0797
rubygem-grpcRed Hat / RHEL
Fixed in:0:1.58.0-1.el8satRHSA-2024:0797
Fixed in:0:1.58.0-1.el8satRHSA-2024:0797
rubygem-kafoRed Hat / RHEL
Fixed in:0:7.2.0-1.el8satRHSA-2024:0797
Fixed in:0:7.2.0-1.el8satRHSA-2024:0797
rubygem-kafoRocky
Fixed in:0:7.2.0-1.el8satRHSA-2024:0797
Fixed in:0:7.2.0-1.el8satRHSA-2024:0797
rubygem-katelloRocky
Fixed in:0:4.9.0.21-1.el8satRHSA-2024:0797
Fixed in:0:4.9.0.21-1.el8satRHSA-2024:0797
rubygem-katelloRed Hat / RHEL
Fixed in:0:4.9.0.21-1.el8satRHSA-2024:0797
Fixed in:0:4.9.0.21-1.el8satRHSA-2024:0797
rubygem-pumaRed Hat / RHEL
Fixed in:0:6.3.1-1.el8satRHSA-2024:0797
Fixed in:0:6.3.1-1.el8satRHSA-2024:0797
rubygem-pumaRocky
Fixed in:0:6.3.1-1.el8satRHSA-2024:0797
Fixed in:0:6.3.1-1.el8satRHSA-2024:0797
rubygem-puma-debuginfoRed Hat / RHEL
Fixed in:0:6.3.1-1.el8satRHSA-2024:0797
rubygem-puma-debuginfoRocky
Fixed in:0:6.3.1-1.el8satRHSA-2024:0797
rubygem-puma-debugsourceRocky
Fixed in:0:6.3.1-1.el8satRHSA-2024:0797
rubygem-puma-debugsourceRed Hat / RHEL
Fixed in:0:6.3.1-1.el8satRHSA-2024:0797
rubygem-sidekiqRed Hat / RHEL
Fixed in:0:6.5.12-1.el8satRHSA-2024:0797
Fixed in:0:6.5.12-1.el8satRHSA-2024:0797
rubygem-sidekiqRocky
Fixed in:0:6.5.12-1.el8satRHSA-2024:0797
Fixed in:0:6.5.12-1.el8satRHSA-2024:0797
satelliteRed Hat / RHEL
Fixed in:0:6.14.2-1.el8satRHSA-2024:0797
Fixed in:0:6.14.2-1.el8satRHSA-2024:0797
satelliteRocky
Fixed in:0:6.14.2-1.el8satRHSA-2024:0797
Fixed in:0:6.14.2-1.el8satRHSA-2024:0797
satellite-capsuleRed Hat / RHEL
Fixed in:0:6.14.2-1.el8satRHSA-2024:0797
satellite-capsuleRocky
Fixed in:0:6.14.2-1.el8satRHSA-2024:0797
satellite-cliRocky
Fixed in:0:6.14.2-1.el8satRHSA-2024:0797
satellite-cliRed Hat / RHEL
Fixed in:0:6.14.2-1.el8satRHSA-2024:0797
satellite-commonRed Hat / RHEL
Fixed in:0:6.14.2-1.el8satRHSA-2024:0797
satellite-commonRocky
Fixed in:0:6.14.2-1.el8satRHSA-2024:0797
satellite-convert2rhel-toolkitRocky
Fixed in:0:1.0.1-1.el8satRHSA-2024:0797
Fixed in:0:1.0.1-1.el8satRHSA-2024:0797
satellite-convert2rhel-toolkitRed Hat / RHEL
Fixed in:0:1.0.1-1.el8satRHSA-2024:0797
Fixed in:0:1.0.1-1.el8satRHSA-2024:0797

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.75%probability of exploitation in 30 days
50thpercentile

Moderate risk: more likely to be exploited than 50% of all known CVEs.

References

Third-Party Advisory1
Other references1

Related Vulnerabilities

Other CWE-400 (Resource Exhaustion) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-44487High7.5100%KEVFix
CVE-2021-44228Critical10.0100%KEV + RansomFix
CVE-2011-3192High7.899%-Fix
CVE-2019-11478Medium5.395%-Fix
CVE-2024-25617Medium5.389%-Fix
CVE-2018-1000115High7.589%-Fix
Embed a live status badge for CVE-2023-26141
CVE-2023-26141 severity badge

Markdown

[![CVE-2023-26141](https://tridentstack.com/cve/badge/CVE-2023-26141.svg)](https://tridentstack.com/cve/CVE-2023-26141)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-26141"><img src="https://tridentstack.com/cve/badge/CVE-2023-26141.svg" alt="CVE-2023-26141"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.