Lucene search

[email protected]NVD:CVE-2024-45605

HistorySep 17, 2024 - 8:15 p.m.

CVE-2024-45605

2024-09-1720:15:05

CWE-639

[email protected]

web.nvd.nist.gov

sentry

vulnerability

user alert

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

21.8%

JSON

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability.

Affected configurations

Nvd

Node

sentrysentryRange23.9.0–24.9.0

VendorProductVersionCPE
sentrysentry*cpe:2.3:a:sentry:sentry:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sentry	sentry	*	cpe:2.3:a:sentry:sentry::::::::

References

github.com/getsentry/self-hosted

github.com/getsentry/sentry/pull/77093

github.com/getsentry/sentry/security/advisories/GHSA-54m3-95j9-v89j

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

21.8%

JSON

Related for NVD:CVE-2024-45605

osv2 vulnrichment1 cve1 cvelist1 github1