CVE-2024-25122
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-25122
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-25122.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-25122
- Aliases
- Published
- 2024-02-13T19:15:11Z
- Modified
- 2024-10-11T20:49:29.932615Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
sidekiq-unique-jobs is an open source project which prevents simultaneous Sidekiq jobs with the same unique arguments to run. Specially crafted GET request parameters handled by any of the following endpoints of sidekiq-unique-jobs' "admin" web UI, allow a super-user attacker, or an unwitting, but authorized, victim, who has received a disguised / crafted link, to successfully execute malicious code, which could potentially steal cookies, session data, or local storage data from the app the sidekiq-unique-jobs web UI is mounted in. 1.
/changelogs, 2./locksor 3./expiring_locks. This issue has been addressed in versions 7.1.33 and 8.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. - References
Affected packages
Git / github.com/mhenrixon/sidekiq-unique-jobs
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mhenrixon/sidekiq-unique-jobs
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
4.*
4.0.1
v2.*
v2.1.0
v2.2.0
v2.2.1
v2.3.2
v2.7.0
v3.*
v3.0.1
v3.0.10
v3.0.11
v3.0.2
v3.0.3
v3.0.9
v4.*
v4.0.0
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.15
v4.0.16
v4.0.17
v4.0.18
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v5.*
v5.0.0
v5.0.1
v5.0.10
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v6.*
v6.0.0
v6.0.0.beta1
v6.0.0.beta2
v6.0.0.rc1
v6.0.0.rc2
v6.0.0.rc3
v6.0.0.rc4
v6.0.0.rc5
v6.0.0.rc6
v6.0.0.rc7
v6.0.0.rc8
v6.0.1
v6.0.10
v6.0.11
v6.0.12
v6.0.13
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9
v7.*
v7.0.0
v7.0.0.beta1
v7.0.0.beta10
v7.0.0.beta11
v7.0.0.beta12
v7.0.0.beta13
v7.0.0.beta14
v7.0.0.beta15
v7.0.0.beta16
v7.0.0.beta17
v7.0.0.beta18
v7.0.0.beta19
v7.0.0.beta2
v7.0.0.beta20
v7.0.0.beta21
v7.0.0.beta22
v7.0.0.beta23
v7.0.0.beta24
v7.0.0.beta25
v7.0.0.beta26
v7.0.0.beta27
v7.0.0.beta28
v7.0.0.beta29
v7.0.0.beta3
v7.0.0.beta4
v7.0.0.beta5
v7.0.0.beta6
v7.0.0.beta7
v7.0.0.beta8
v7.0.0.beta9
v7.0.1
v7.0.10
v7.0.11
v7.0.12
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.9
v7.1.0
v7.1.1
v7.1.10
v7.1.11
v7.1.12
v7.1.13
v7.1.14
v7.1.15
v7.1.16
v7.1.18
v7.1.19
v7.1.2
v7.1.20
v7.1.21
v7.1.22
v7.1.23
v7.1.24
v7.1.25
v7.1.26
v7.1.27
v7.1.28
v7.1.29
v7.1.3
v7.1.4
v7.1.5
v7.1.6
v7.1.7
v7.1.8
v8.*
v8.0.0
v8.0.1
v8.0.2
v8.0.3
v8.0.4
v8.0.5
v8.0.6