Lucene search

Veracode Vulnerability DatabaseVERACODE:42700

HistoryAug 10, 2023 - 3:58 a.m.

Authentication Bypass

2023-08-1003:58:38

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

sentry

vulnerability

authentication

bypass

oidc

signing token

attacker

oauth token

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

19.6%

JSON

sentry is vulnerable to Authentication Bypass. The vulnerability exists due to the lack of a OIDC signing token inside the authentication mechanism which allows an attacker with sufficient client-side exploits to get a valid OAuth token for another user.

CPENameOperatorVersion
sentryle23.7.1
sentryle23.7.1

CPE	Name	Operator	Version
	sentry	le	23.7.1
	sentry	le	23.7.1

References

github.com/advisories/GHSA-hgj4-h2x3-rfx4

github.com/getsentry/sentry/commit/0484457efbec30c1e1dddaf1735116303fbb1ff9

github.com/getsentry/sentry/pull/52945

github.com/getsentry/sentry/security/advisories/GHSA-hgj4-h2x3-rfx4

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

19.6%

JSON

Related for VERACODE:42700