Authentication Flaw in Sentry Error Tracking Platform
CVE-2024-45605

4.3 MEDIUM

Key Information:

Vendor: Sentry

Status
Vendor
CVE Published: 17 September 2024

What is CVE-2024-45605?

Sentry, a platform for error tracking and performance monitoring, has a vulnerability that allows an authenticated user to delete user alert notifications for arbitrary accounts by using a known alert ID. The issue arises from insufficient authorization checks on requests to delete user notifications. A patch has been released to ensure that all necessary authorization checks are properly enforced. Users of the Sentry SaaS version are not affected and do not need to take any action; those running Self-Hosted Sentry installations are advised to upgrade to version 24.9.0 or later to mitigate this risk. There are currently no workarounds available for this vulnerability.

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
