CVE-2024-45605

Опубликовано: 17 сент. 2024

Источник: nvd

CVSS3: 6.5

CVSS3: 4.3

EPSS Низкий

Описание

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability.

Ссылки

https://github.com/getsentry/self-hosted
Product
https://github.com/getsentry/sentry/pull/77093
Issue Tracking
Patch
https://github.com/getsentry/sentry/security/advisories/GHSA-54m3-95j9-v89j
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sentry:sentry:*:*:*:*:*:*:*:*

Версия от 23.9.0 (включая) до 24.9.0 (исключая)

EPSS

Процентиль: 61%

0.00411

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-639

Связанные уязвимости

GHSA-54m3-95j9-v89j

CVSS3: 6.5

github

больше 1 года назад

Sentry improperly authorizes deletion of user issue alert notifications

EPSS

Процентиль: 61%

0.00411

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-639