CVE-2024-45605

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can delete the user issue alert notifications for arbitrary users given a known alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability.
Configurations

Configuration 1

cpe:2.3:a:sentry:sentry:*:*:*:*:*:*:*:*

History

26 Sep 2024, 19:14

Type | Values Removed | Values Added
CVSS | v2 : unknown, v3 : 6.5 | v2 : unknown, v3 : 4.3
References | https://github.com/getsentry/sentry/pull/77093 - Patch | https://github.com/getsentry/sentry/pull/77093 - Issue Tracking, Patch

26 Sep 2024, 18:56

Type | Values Removed | Values Added
CPE | | cpe:2.3:a:sentry:sentry:*:*:*:*:*:*:*:*
First Time | | Sentry; Sentry sentry
References | https://github.com/getsentry/self-hosted - | https://github.com/getsentry/self-hosted - Product
References | https://github.com/getsentry/sentry/pull/77093 - | https://github.com/getsentry/sentry/pull/77093 - Patch
References | https://github.com/getsentry/sentry/security/advisories/GHSA-54m3-95j9-v89j - | https://github.com/getsentry/sentry/security/advisories/GHSA-54m3-95j9-v89j - Vendor Advisory

20 Sep 2024, 12:30

Type | Values Removed | Values Added
Summary | | (es) Sentry is a performance monitoring and error tracking platform that prioritizes developers. An authenticated user deletes the user issue alert notifications for arbitrary users given a known alert ID. A patch was issued to ensure that authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-hosted Sentry users should upgrade to version 24.9.0 or higher. There are no workarounds for this vulnerability.

17 Sep 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-17 20:15

Updated : 2024-09-26 19:14


NVD link : CVE-2024-45605

Mitre link : CVE-2024-45605

CVE.ORG link : CVE-2024-45605

Products Affected

sentry

  • sentry
CWE
CWE-639

Authorization Bypass Through User-Controlled Key