{
  "threat_severity" : "Moderate",
  "public_date" : "2023-09-14T00:00:00Z",
  "bugzilla" : {
    "description" : "sidekiq: DoS in dashboard-charts",
    "id" : "2239010",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2239010"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.9",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-400",
  "details" : [ "Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.", "A denial of service vulnerability was found in Sidekiq. This flaw allows an attacker to manipulate the localStorage value in the dashboard-charts.js file and cause excessive polling requests." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Satellite 6.14 for RHEL 8",
    "release_date" : "2024-02-13T00:00:00Z",
    "advisory" : "RHSA-2024:0797",
    "cpe" : "cpe:/a:redhat:satellite:6.14::el8",
    "package" : "rubygem-sidekiq-0:6.5.12-1.el8sat"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Affected",
    "package_name" : "3scale-amp-system-container",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-26141\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-26141\nhttps://github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89" ],
  "name" : "CVE-2023-26141",
  "csaw" : false
}