Source: vulnrichment (GitHub_M), record VULNRICHMENT:CVE-2023-39349
History: Aug 07, 2023 - 6:27 p.m.

CVE-2023-39349 Sentry vulnerable to privilege escalation via ApiTokensEndpoint

Published: 2023-08-07 18:27:12
CWE-287
CWE-284
Tags: GitHub_M, github.com, sentry, privilege escalation, apitokensendpoint, version 22.1.0, version 23.7.2, attacker, token, scopes, query, exploit, self-hosted

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

8

Confidence

High

SSVC

Exploitation

none

Automatable

no

Technical Impact

total

Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query /api/0/api-tokens/ for a list of all tokens created by a user, including tokens with greater scopes, and use those tokens in other requests. There is no evidence that the issue was exploited on sentry.io. For self-hosted users, it is advised to rotate user auth tokens. A fix is available in version 23.7.2 of sentry and self-hosted. There are no known workarounds.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:getsentry:sentry:*:*:*:*:*:*:*:*"
    ],
    "vendor": "getsentry",
    "product": "sentry",
    "versions": [
      {
        "status": "affected",
        "version": "22.1.0",
        "lessThan": "23.7.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]
