Sentry Security Vulnerabilities and Issues — Sentry CVE List

Lucene search

SentrySentry

9 matches found

CVE•added 2023/07/06 11:15 p.m.•2511 views

CVE-2023-36829

Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry install...

6.8CVSS5.8AI score0.0015EPSS

CVE•added 2023/08/09 5:15 p.m.•2484 views

CVE-2023-39531

Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 23.7.2, an attacker with sufficient client-side exploits could retrieve a valid access token for another user during the OAuth token exchange due to incorrect credential validation. The ...

6.8CVSS6.4AI score0.00115EPSS

CVE•added 2023/08/07 7:15 p.m.•2478 views

CVE-2023-39349

Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query /api/0/api-tokens/ for a list of all tokens created by a user, including tokens with greater scopes, and use th...

8.1CVSS8AI score0.0008EPSS

CVE•added 2023/07/25 7:15 p.m.•126 views

CVE-2023-36826

Sentry is an error tracking and performance monitoring platform. Starting in version 8.21.0 and prior to version 23.5.2, an authenticated user can download a debug or artifact bundle from arbitrary organizations and projects with a known bundle ID. The user does not need to be a member of the organ...

7.7CVSS6.8AI score0.00131EPSS

CVE•added 2022/12/10 1:15 a.m.•83 views

CVE-2022-23485

Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result a...

6.4CVSS5.2AI score0.00052EPSS

CVE•added 2024/09/17 8:15 p.m.•46 views

CVE-2024-45606

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we h...

7.1CVSS5.7AI score0.00116EPSS

CVE•added 2024/09/17 8:15 p.m.•41 views

CVE-2024-45605

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notificat...

6.5CVSS5.4AI score0.00139EPSS

CVE•added 2024/02/09 12:15 a.m.•39 views

CVE-2024-24829

Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration (maintained by Sentry) with version

5.3CVSS5.3AI score0.00076EPSS

CVE•added 2025/06/24 6:15 p.m.•12 views

CVE-2025-53073

In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions (such as adding a comment) without being a member of the project's team. A seven-digit issue ID must be known (it is not treated as a secret and might be mentioned publi...

4.2CVSS7AI score0.00032EPSS