History: Sep 17, 2024 - 8:15 p.m.

CVE-2024-45605

2024-09-17 20:15:05
CWE-639
GitHub_M
web.nvd.nist.gov
sentry, error tracking, vulnerability, patched, authorization checks, upgrade

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.001
Percentile: 21.8%

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can delete the user issue alert notifications for arbitrary users given a known alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability.

Affected configurations

Node
Vendor: sentry
Product: sentry
Range: 23.9.0 - 24.9.0

Vendor | Product | Version | CPE
sentry | sentry | * | cpe:2.3:a:sentry:sentry:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "getsentry",
    "product": "sentry",
    "versions": [
      {
        "version": ">=23.9.0, < 24.9.0",
        "status": "affected"
      }
    ]
  }
]
