vulnerability
Red Hat: CVE-2022-23837: Moderate: Satellite 6.11 Release (RHSA-2022:5498)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Jan 21, 2022 | Jul 14, 2022 | Jul 14, 2022 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Jan 21, 2022
Added
Jul 14, 2022
Modified
Jul 14, 2022
Description
In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.
Solutions
redhat-upgrade-foreman-cliredhat-upgrade-rubygem-amazing_printredhat-upgrade-rubygem-apipie-bindingsredhat-upgrade-rubygem-clampredhat-upgrade-rubygem-domain_nameredhat-upgrade-rubygem-fast_gettextredhat-upgrade-rubygem-foreman_maintainredhat-upgrade-rubygem-hammer_cliredhat-upgrade-rubygem-hammer_cli_foremanredhat-upgrade-rubygem-hammer_cli_foreman_adminredhat-upgrade-rubygem-hammer_cli_foreman_ansibleredhat-upgrade-rubygem-hammer_cli_foreman_azure_rmredhat-upgrade-rubygem-hammer_cli_foreman_bootdiskredhat-upgrade-rubygem-hammer_cli_foreman_discoveryredhat-upgrade-rubygem-hammer_cli_foreman_openscapredhat-upgrade-rubygem-hammer_cli_foreman_remote_executionredhat-upgrade-rubygem-hammer_cli_foreman_tasksredhat-upgrade-rubygem-hammer_cli_foreman_templatesredhat-upgrade-rubygem-hammer_cli_foreman_virt_who_configureredhat-upgrade-rubygem-hammer_cli_foreman_webhooksredhat-upgrade-rubygem-hammer_cli_katelloredhat-upgrade-rubygem-hashieredhat-upgrade-rubygem-highlineredhat-upgrade-rubygem-http-cookieredhat-upgrade-rubygem-jwtredhat-upgrade-rubygem-little-pluggerredhat-upgrade-rubygem-localeredhat-upgrade-rubygem-loggingredhat-upgrade-rubygem-mime-typesredhat-upgrade-rubygem-mime-types-dataredhat-upgrade-rubygem-multi_jsonredhat-upgrade-rubygem-netrcredhat-upgrade-rubygem-oauthredhat-upgrade-rubygem-powerbarredhat-upgrade-rubygem-rest-clientredhat-upgrade-rubygem-unfredhat-upgrade-rubygem-unf_extredhat-upgrade-rubygem-unf_ext-debuginforedhat-upgrade-rubygem-unf_ext-debugsourceredhat-upgrade-rubygem-unicoderedhat-upgrade-rubygem-unicode-debuginforedhat-upgrade-rubygem-unicode-debugsourceredhat-upgrade-rubygem-unicode-display_widthredhat-upgrade-satellite-cliredhat-upgrade-satellite-cloneredhat-upgrade-satellite-maintainredhat-upgrade-tfm-rubygem-amazing_printredhat-upgrade-tfm-rubygem-apipie-bindingsredhat-upgrade-tfm-rubygem-clampredhat-upgrade-tfm-rubygem-domain_nameredhat-upgrade-tfm-rubygem-fast_gettextredhat-upgrade-tfm-rubygem-hammer_cliredhat-upgrade-tfm-rubygem-hammer_cli_foremanredhat-upgrade-tfm-rubygem-hammer_cli_foreman_adminredhat-upgrade-tfm-rubygem-hammer_cli_foreman_ansibleredhat-upgrade-tfm-rubygem-hammer_cli_foreman_azure_rmredhat-upgrade-tfm-rubygem-hammer_cli_foreman_bootdiskredhat-upgrade-tfm-rubygem-hammer_cli_foreman_discoveryredhat-upgrade-tfm-rubygem-hammer_cli_foreman_openscapredhat-upgrade-tfm-rubygem-hammer_cli_foreman_remote_executionredhat-upgrade-tfm-rubygem-hammer_cli_foreman_tasksredhat-upgrade-tfm-rubygem-hammer_cli_foreman_templatesredhat-upgrade-tfm-rubygem-hammer_cli_foreman_virt_who_configureredhat-upgrade-tfm-rubygem-hammer_cli_foreman_webhooksredhat-upgrade-tfm-rubygem-hammer_cli_katelloredhat-upgrade-tfm-rubygem-hashieredhat-upgrade-tfm-rubygem-highlineredhat-upgrade-tfm-rubygem-http-cookieredhat-upgrade-tfm-rubygem-jwtredhat-upgrade-tfm-rubygem-little-pluggerredhat-upgrade-tfm-rubygem-localeredhat-upgrade-tfm-rubygem-loggingredhat-upgrade-tfm-rubygem-mime-typesredhat-upgrade-tfm-rubygem-mime-types-dataredhat-upgrade-tfm-rubygem-multi_jsonredhat-upgrade-tfm-rubygem-netrcredhat-upgrade-tfm-rubygem-oauthredhat-upgrade-tfm-rubygem-powerbarredhat-upgrade-tfm-rubygem-rest-clientredhat-upgrade-tfm-rubygem-unfredhat-upgrade-tfm-rubygem-unf_extredhat-upgrade-tfm-rubygem-unf_ext-debuginforedhat-upgrade-tfm-rubygem-unicoderedhat-upgrade-tfm-rubygem-unicode-debuginforedhat-upgrade-tfm-rubygem-unicode-display_widthredhat-upgrade-tfm-runtime
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.