6.1

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-46950

CVE-2023-46950: Cross Site Scripting vulnerability in Contribsys Sidekiq

Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-46950

CVE-2023-46950:

6.1

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
sidekiq-unique-jobs	rubygems	>= 8.0.0, < 8.0.7	8.0.7
sidekiq-unique-jobs	rubygems	< 7.1.33	7.1.33

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The GitHub patch shows critical parameter sanitization changes in lib/sidekiq_unique_jobs/web.rb where all affected parameters (filter, count, cursor, prev_cursor, digest, job_id) were wrapped in h() for HTML escaping. The vulnerability stemmed from these parameters being reflected in the admin UI without proper encoding. The '/changelogs', '/locks', and '/expiring_locks' endpoints were explicitly called out in advisories as XSS vectors via their filter parameters. High confidence comes from direct evidence in commit diffs and CVE descriptions linking unsanitized URL parameters to XSS.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.1

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-46950: Cross Site Scripting vulnerability in Contribsys Sidekiq

CVE-2023-46950:

6.1

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

6.1

6.1

CVE-2023-46950: Cross Site Scripting vulnerability in Contribsys Sidekiq

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI