CVSS3
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
AI Score
Confidence: Low
Sentry-sdk is vulnerable to Information Leakage. When the Stdlib integration is enabled, subprocess calls leak environment variables: the variables are unintentionally passed to the subprocess, which could allow an attacker to gain access to sensitive environment variables.
docs.python.org/3/library/subprocess.html
docs.sentry.io/platforms/python/integrations/default-integrations
docs.sentry.io/platforms/python/integrations/default-integrations/#stdlib
github.com/getsentry/sentry-python/commit/763e40aa4cb57ecced467f48f78f335c87e9bdff
github.com/getsentry/sentry-python/pull/3251
github.com/getsentry/sentry-python/releases/tag/2.8.0
github.com/getsentry/sentry-python/security/advisories/GHSA-g92j-qhmh-64v2