
40 matches found

RedhatCVE
added 2026/06/05 7:50 p.m., 5 views

CVE-2021-47935

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

CVSS 8.8, AI score 6.7, EPSS 0.00927
Exploits: 1, References: 1

OSV
added 2026/05/10 3:31 p.m., 4 views

GHSA-444R-2WHX-3685 Sentry: Superusers can execute arbitrary commands by injecting malicious pickle-serialized objects through audit log entry data parameter

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

CVSS 8.8, AI score 6.7, EPSS 0.00927
Exploits: 1, References: 8

CVE
added 2026/05/08 10:58 p.m., 11 views

CVE-2026-42354

Summary of technical details: Sentry versions 21.12.0 through 26.4.0 contain a critical flaw in the SAML SSO implementation that lets an attacker take over a user account by using a malicious Identity Provider and another organization within the same Sentry instance. The attacker must know the v...

CVSS 9.8, AI score 5.7, EPSS 0.00623
Exploits: 0, References: 4, Affected Software: 1

ATTACKERKB
added 2026/05/08 10:58 p.m., 9 views

CVE-2026-42354

Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in the SAML SSO implementation of Sentry. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity...

CVSS 9.1, AI score 5.7, EPSS 0.00623
Exploits: 0, References: 5, Affected Software: 1

Tenable Nessus
added 2026/05/08 12:0 a.m., 6 views

Sentry Python Library 21.12.x < 26.4.1 Improper Authentication (CVE-2026-42354)

The version of Sentry installed on the remote host is 21.12.0 or later but prior to 26.4.1. It is, therefore, affected by a vulnerability: - A critical vulnerability exists in the SAML SSO implementation of Sentry. The vulnerability allows an attacker to take over any user account by using a...

CVSS 9.8, AI score 5.9, EPSS 0.00623
Exploits: 0, References: 2

OSV
added 2026/04/17 9:25 p.m., 4 views

GHSA-GGMG-CQG6-J45G Sentry: Improper authentication on SAML SSO process allows user identity linking

Impact A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same...

CVSS 9.1, AI score 5.8, EPSS 0.00435
Exploits: 0, References: 4

NVD
added 2026/03/18 12:16 a.m., 3 views

CVE-2026-26004

Sentry is a developer-first error tracking and performance monitoring tool. Versions prior to 26.1.0 have a cross-organization Insecure Direct Object Reference (IDOR) vulnerability in Sentry's GroupEventJsonView endpoint. Version 26.1.0 patches the issue...

CVSS 7.1, EPSS 0.00241
Exploits: 1, References: 3

RedhatCVE
added 2026/02/23 7:26 a.m., 6 views

CVE-2026-27197

Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on t...

CVSS 9.1, AI score 5.6, EPSS 0.00435
Exploits: 0, References: 1

ATTACKERKB
added 2026/02/21 4:35 a.m., 9 views

CVE-2026-27197

Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on t...

CVSS 9.1, AI score 5.7, EPSS 0.00435
Exploits: 0, References: 2, Affected Software: 1

RedhatCVE
added 2026/01/09 8:34 a.m., 25 views

CVE-2024-41656

Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 24.7.1, an unsanitized payload sent by an Integration platform integration allows storing arbitrary HTML tags on the Sentry side with the subsequent rendering them on the Issues page...

CVSS 7.1, AI score 6.6, EPSS 0.00441
Exploits: 0, References: 1

Tenable Nessus
added 2025/09/10 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-23485

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite...

CVSS 6.4, AI score 6.2, EPSS 0.00423
Exploits: 0, References: 2

Vulnrichment
added 2025/07/01 2:53 p.m., 7 views

CVE-2025-53099 Sentry Missing Invalidation of Authorization Codes During OAuth Exchange and Revocation

Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can take advantage of a race condition and improper handling of authorization code within Sentry to maintain persistence to a...

CVSS 5.5, AI score 6.5, EPSS 0.00672
Exploits: 0, References: 8

CNNVD
added 2025/07/01 12:0 a.m., 4 views

Sentry security vulnerability

Sentry is a developer-oriented bug tracking and performance monitoring platform from Sentry Open Source. A security vulnerability exists in versions of Sentry prior to 25.5.0 that stems from mishandling of competitive conditions and authorization code that may be used as a way to keep user accoun...

CVSS 7.5, AI score 6.8, EPSS 0.00672
Exploits: 0, References: 9

RedhatCVE
added 2025/06/26 12:37 a.m., 2 views

CVE-2025-53073

In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions such as adding a comment without being a member of the project's team. A seven-digit issue ID must be known; it is not treated as a secret and might be mentioned...

CVSS 4.2, AI score 7, EPSS 0.00194
Exploits: 0, References: 1

OSV
added 2025/06/24 6:15 p.m., 2 views

CVE-2025-53073

In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions such as adding a comment without being a member of the project's team. A seven-digit issue ID must be known; it is not treated as a secret and might be mentioned...

CVSS 4.2, AI score 6.9
Exploits: 0, References: 3

CVE
added 2025/06/24 12:0 a.m., 20 views

CVE-2025-53073

CVE-2025-53073 affects Sentry versions 25.1.0–25.5.1. An authenticated attacker can access a project’s issue endpoint and perform unauthorized actions (e.g., adding a comment) without belonging to the project team. A seven‑digit issue ID must be known and is not treated as a secret; it may be pub...

CVSS 4.2, AI score 7, EPSS 0.00194
Exploits: 0, References: 3

CNNVD
added 2025/06/24 12:0 a.m., 2 views

Sentry security vulnerability

Sentry is a developer-oriented bug tracking and performance monitoring platform from Sentry Open Source. A security vulnerability exists in Sentry versions 25.1.0 through 25.5.1, which originates from an authenticated attacker being able to access a project's problematic endpoints and perform...

CVSS 4.2, AI score 6.3, EPSS 0.00194
Exploits: 0, References: 4

RedhatCVE
added 2025/05/23 10:41 a.m., 3 views

CVE-2024-10276

A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launche...

CVSS 6.1, AI score 6.3, EPSS 0.00356
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 7:30 a.m., 4 views

CVE-2024-48743

Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote attacker to execute arbitrary code via the z parameter...

CVSS 6.5, AI score 7.4, EPSS 0.00402
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 5:42 a.m., 22 views

CVE-2023-39531

Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 23.7.2, an attacker with sufficient client-side exploits could retrieve a valid access token for another user during the OAuth token exchange due to incorrect credential validation. Th...

CVSS 6.8, AI score 6.7, EPSS 0.00308
Exploits: 0, References: 1