CVE-2022-23837

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956", "name": "https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/TUTUMSPACE/exploits/blob/main/sidekiq.md", "name": "https://github.com/TUTUMSPACE/exploits/blob/main/sidekiq.md", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/rubysec/ruby-advisory-db/pull/495", "name": "https://github.com/rubysec/ruby-advisory-db/pull/495", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html", "name": "[debian-lts-announce] 20220310 [SECURITY] [DLA 2943-1] ruby-sidekiq security update", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00011.html", "name": "[debian-lts-announce] 20230312 [SECURITY] [DLA 3360-1] ruby-sidekiq security update", "tags": [], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-770"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-23837", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2022-01-21T21:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:contribsys:sidekiq:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.2.10"}, {"cpe23Uri": "cpe:2.3:a:contribsys:sidekiq:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.4.0", "versionStartIncluding": "6.0.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-03-13T00:15Z"}