CVE-2021-30151: [sidekiq <= v6.2, v5.1.3] Cross-site-scripting (XSS) · Issue #4852 · sidekiq/sidekiq

Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.

The payload I provided works against the latest version of master. I tested multiple setups; some only worked for IE and the others worked on all browsers, so I couldn't understand why.

If you have Internet Explorer you can open this link as a proof:
[HOST]/sidekiq/queues/"><h1>@xhzeem

The point is that modern browsers auto-encode some characters to URL encoding, which converts the " into %22, but Internet Explorer doesn't do that, so you can see it there with no issue. Even though I have another setup that is vulnerable and exploitable on Chrome, I don't know why.

PoC: https://d.top4top.io/p_19096xn861.png

Simply use cURL and you will get it:

curl 'https://[HOST]/sidekiq/queues/"onmouseover="alert()"' -H 'Authorization: Basic YWRtaW46QHhoemVlbQ=='
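Worked example, added here and not part of the issue report or of Sidekiq's own code: it models the reflection described in the advisory (a queue name from the request path interpolated into the live-poll link markup) with a hypothetical view helper, shows why a browser that percent-encodes the `"` in the path never triggers it while a raw `"` breaks out of the attribute, and shows the HTML-escaped form that closes the hole. The helper names, the sample queue names and the regex attribute scanner are all constructed for this illustration.

```ruby
require "erb"

# Constructed inputs (not captured traffic). The same queue name as sent by a
# browser that leaves '"' unencoded in the path, and as sent by a browser that
# percent-encodes the path segment before the request goes out.
RAW_QUEUE     = '"onmouseover="alert()"'
ENCODED_QUEUE = "%22onmouseover=%22alert()%22"

# Hypothetical view helper, not Sidekiq's template: the queue name taken from
# the URL is interpolated straight into the live-poll link's href attribute.
def vulnerable_poll_link(queue_name)
  %(<a class="live-poll" href="/sidekiq/queues/#{queue_name}">Live Poll</a>)
end

# Hardened form: HTML-escape the name before it reaches the markup, so a raw
# '"' becomes &quot; and can no longer terminate the attribute value.
def safe_poll_link(queue_name)
  escaped = ERB::Util.html_escape(queue_name)
  %(<a class="live-poll" href="/sidekiq/queues/#{escaped}">Live Poll</a>)
end

# Rough stand-in for a browser's attribute tokenizer: returns the names of all
# name="value" pairs in the markup. An injected event-handler attribute shows
# up here only if the href value was actually terminated early.
def attribute_names(html)
  html.scan(/([A-Za-z-]+)="[^"]*"/).flatten
end

# True when the rendered link carries an on* handler the template never wrote.
def injected?(html)
  attribute_names(html).any? { |name| name.start_with?("on") }
end

if __FILE__ == $PROGRAM_NAME
  puts vulnerable_poll_link(RAW_QUEUE)
  puts "raw name, unescaped:     injected=#{injected?(vulnerable_poll_link(RAW_QUEUE))}"
  puts "encoded name, unescaped: injected=#{injected?(vulnerable_poll_link(ENCODED_QUEUE))}"
  puts "raw name, html-escaped:  injected=#{injected?(safe_poll_link(RAW_QUEUE))}"
end
```

The percent-encoded variant is the reason the report only reproduced on some browsers: with `%22` in the path the attribute value stays intact and the server never sees a literal quote, so the bug is masked rather than fixed. The regex scanner only approximates HTML attribute parsing; the durable fix is escaping at every point where the queue name is reflected, not relying on the client to encode it.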

Related news

Red Hat Security Advisory 2022-5498-01

Red Hat Security Advisory 2022-5498-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include HTTP request smuggling, buffer overflow, bypass, code execution, cross site scripting, denial of service, heap overflow, information leakage, privilege escalation, remote shell upload, remote SQL injection, and traversal vulnerabilities.

RHSA-2022:5498: Red Hat Security Advisory: Satellite 6.11 Release

An update is now available for Red Hat Satellite 6.11.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2021-3200: libsolv: heap-based buffer overflow in testcase_read() in src/testcase.c
* CVE-2021-3584: foreman: Authenticate remote code execution through Sendmail configuration
* CVE-2021-4142: Satellite: Allow unintended SCA certificate to authenticate Candlepin
* CVE-2021-21290: netty: Information disclosure via the local system temporary directory
* CVE-2021-21295: netty: possible request smuggling in HTTP/2 due missing validation
* CVE-2021-21409: netty: Request smuggling via content-length header
* CVE-2021-30151: sidekiq: XSS via the queue name of the live-poll feature
* CVE-2021-32839: python-sqlparse: ReDoS via regular expression i...
