Lucene search
PRIOn knowledge basePRION:CVE-2022-23485HistoryDec 10, 2022 - 1:15 a.m.
Design/Logic Flaw
2022-12-1001:15:00
PRIOn knowledge base
www.prio-n.com
3
sentry
python library
security flaw
cookie manipulation
patched version
organization_joining
self-hosted
disable_invite_functionality
sentry.conf.py
Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result an attacker with a valid invite link can create multiple users and join an organization they may not have been originally invited to. This issue was patched in version 22.11.0. Sentry SaaS customers do not need to take action. Self-hosted Sentry installs on systems which can not upgrade can disable the invite functionality until they are ready to deploy the patched version by editing their sentry.conf.py file (usually located at ~/.sentry/).
Related
nvd
nvd
CVE-2022-23485
2022-12-10 01:15:10
osv
osv
Sentry vulnerable to invite code reuse via cookie manipulation
2022-12-12 21:27:09
PYSEC-2022-43011
2022-12-10 01:15:00
CVE-2022-23485
2022-12-10 01:15:10
github
github
Sentry vulnerable to invite code reuse via cookie manipulation
2022-12-12 21:27:09
ubuntucve
ubuntucve
CVE-2022-23485
2022-12-10 00:00:00
cvelist
cvelist
CVE-2022-23485 Invite code reuse via cookie manipulation in sentry
2022-12-10 00:40:46
cve
cve
CVE-2022-23485
2022-12-10 01:15:10
veracode
veracode
Improper Access Control
2022-12-13 08:37:08