← Back

CVE-2024-45605

nvd nist
Published: Sep 17, 2024Modified: Sep 26, 2024

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability.

Affected (1)

Products: Sentry: Sentry
Sentry
1 product
Sentry
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Sentry
From 23.9.0 to 24.9.0

Related CWEs

CWE-639
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (3)

Source: security-advisories@github.com
Product
Source: security-advisories@github.com
Issue TrackingPatch
Source: security-advisories@github.com
Vendor Advisory

Timeline

No history available yet.