2 matches found
GHSA-4JVG-4JFX-FMHC opentelemetry-collector-contrib sentryexporter: Path traversal in Sentry exporter via attacker-controlled service.name reaches privileged Sentry API endpoints with operator bearer token
Summary The Sentry exporter constructs Sentry API URLs by interpolating the span's service.name resource attribute into the URL path without validation. Because service.name is controlled by remote OTLP senders and the operator-configured bearer token is attached to every request, a crafted servi...
PT-2026-50719
Name of the Vulnerable Software and Affected Versions opentelemetry-collector-contrib sentryexporter affected versions not specified Description The Sentry exporter fails to validate the service.name resource attribute when constructing Sentry API URLs. Because this attribute is controlled by...