vulnerability
Ubuntu: USN-7695-1 (CVE-2022-23837): Sidekiq vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Jan 21, 2022 | Jul 1, 2025 | Aug 20, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Jan 21, 2022
Added
Jul 1, 2025
Modified
Aug 20, 2025
Description
In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.
Solution
ubuntu-pro-upgrade-ruby-sidekiq
References
- CVE-2022-23837
- https://attackerkb.com/topics/CVE-2022-23837
- CWE-770
- UBUNTU-USN-7695-1
- URL-https://github.com/TUTUMSPACE/exploits/blob/main/sidekiq.md
- URL-https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956
- URL-https://ubuntu.com/security/notices/USN-7695-1
- URL-https://www.cve.org/CVERecord?id=CVE-2022-23837
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.