14 matches found

added 2023/07/06 11:15 p.m. | 2511 views

CVE-2023-36829

Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry install...

6.8 CVSS | 5.8 AI score | 0.0015 EPSS

added 2023/08/09 5:15 p.m. | 2484 views

CVE-2023-39531

Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 23.7.2, an attacker with sufficient client-side exploits could retrieve a valid access token for another user during the OAuth token exchange due to incorrect credential validation. The ...

6.8 CVSS | 6.4 AI score | 0.00115 EPSS

added 2023/08/07 7:15 p.m. | 2478 views

CVE-2023-39349

Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query /api/0/api-tokens/ for a list of all tokens created by a user, including tokens with greater scopes, and use th...

8.1 CVSS | 8 AI score | 0.0008 EPSS

added 2025/01/15 8:15 p.m. | 127 views

CVE-2025-22146

Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malic...

9.1 CVSS | 9.1 AI score | 0.00081 EPSS

added 2023/07/25 7:15 p.m. | 126 views

CVE-2023-36826

Sentry is an error tracking and performance monitoring platform. Starting in version 8.21.0 and prior to version 23.5.2, an authenticated user can download a debug or artifact bundle from arbitrary organizations and projects with a known bundle ID. The user does not need to be a member of the organ...

7.7 CVSS | 6.8 AI score | 0.0018 EPSS

added 2022/12/10 1:15 a.m. | 83 views

CVE-2022-23485

Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result a...

6.4 CVSS | 5.2 AI score | 0.00052 EPSS

added 2024/05/31 6:15 p.m. | 79 views

CVE-2024-35196

Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it ...

2 CVSS | 3.7 AI score | 0.00067 EPSS

added 2024/11/22 8:15 p.m. | 67 views

CVE-2024-53253

Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ID...

5.3 CVSS | 5.2 AI score | 0.00092 EPSS

added 2024/04/18 8:15 p.m. | 56 views

CVE-2024-32474

Sentry is an error tracking and performance monitoring platform. Prior to 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs under the event : auth-index.validate_superuser. An attacker with access to the log data could use...

7.3 CVSS | 6.8 AI score | 0.0033 EPSS

added 2024/09/17 8:15 p.m. | 46 views

CVE-2024-45606

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a known rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we h...

7.1 CVSS | 5.7 AI score | 0.00116 EPSS

added 2024/07/23 10:15 p.m. | 44 views

CVE-2024-41656

Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 24.7.1, an unsanitized payload sent by an Integration platform integration allows storing arbitrary HTML tags on the Sentry side, with subsequent rendering of them on the Issues page. Se...

7.1 CVSS | 6.7 AI score | 0.0063 EPSS

added 2024/09/17 8:15 p.m. | 41 views

CVE-2024-45605

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can delete the user issue alert notifications for arbitrary users given a known alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notificat...

6.5 CVSS | 5.4 AI score | 0.00139 EPSS

added 2024/02/09 12:15 a.m. | 39 views

CVE-2024-24829

Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration (maintained by Sentry) with version

5.3 CVSS | 5.3 AI score | 0.00076 EPSS

added 2025/07/01 3:15 p.m. | 6 views

CVE-2025-53099

Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can take advantage of a race condition and improper handling of authorization code within Sentry to maintain persistence to a us...

5.5 CVSS | 6.5 AI score | 0.00049 EPSS