CVSS3: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS: 0.001 Low
Percentile: 32.0%
Sentry is susceptible to Permissive Cross-domain Policy With Untrusted Domains. If the Origin request header ends with the value of the system.base-hostname option in the Sentry installation, the Sentry API returns the access-control-allow-credentials: true HTTP header. Only installations that have the system.base-hostname option explicitly set are affected by this vulnerability.
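
The suffix-match pattern described above, next to a stricter origin check, as an added example that is not Sentry's code. The function names and the hostname sentry.example.com are hypothetical, and the https-only rule and the subdomain allowance in the strict check are assumptions.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the system.base-hostname option.
BASE_HOSTNAME = "sentry.example.com"


def suffix_check(origin: str, base: str = BASE_HOSTNAME) -> bool:
    """Permissive pattern from the advisory: a bare string suffix match."""
    return origin.endswith(base)


def strict_check(origin: str, base: str = BASE_HOSTNAME) -> bool:
    """Parse the Origin; accept only the base host or a dot-delimited subdomain."""
    try:
        parts = urlsplit(origin)
        host = parts.hostname
    except ValueError:
        return False
    # Assumption: credentialed CORS is only granted to https origins.
    if parts.scheme != "https" or not host:
        return False
    # An Origin is scheme://host[:port]; reject anything carrying more.
    if parts.path or parts.query or parts.fragment or parts.username:
        return False
    base = base.lower()
    return host == base or host.endswith("." + base)


def cors_headers(origin: str, check) -> dict:
    """Emit credentialed CORS headers only when the origin passes the check."""
    if not check(origin):
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",
    }


if __name__ == "__main__":
    # Constructed sample origins, not taken from the advisory.
    for o in ("https://sentry.example.com",
              "https://org.sentry.example.com",
              "https://notsentry.example.com",
              "http://sentry.example.com",
              "null"):
        print(f"{o:35} suffix={suffix_check(o)!s:5} strict={strict_check(o)}")
```

An operator can run the same comparison against access logs: any Origin value that passes the suffix check but fails the strict one is a request worth reviewing.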