Vulnerability in Sentry Version 24.11.0 Exposes Client Credentials
CVE-2024-53253
What is CVE-2024-53253?
Sentry version 24.11.0 contains a vulnerability that may inadvertently expose sensitive integration credentials, specifically the Client ID and Client Secret. The exposure occurs under certain operational conditions involving a malfunctioning third-party response linked to the platform's Search UI component. Although the credentials are not displayed in the user interface, they can be returned in HTTP responses when errors such as 'select-requester.invalid-response' occur. The vulnerability primarily affects self-hosted Sentry users running their own integrations, and no known abuse of exposed credentials has been reported. Sentry has provided a fix for self-hosted instances, and operators are advised to review their integration security protocols to mitigate any remaining risk.
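The following Python snippet is an added illustration of the general failure mode the advisory describes (an error handler that echoes an integration record, credentials included, into an HTTP response) next to a hardened handler that returns only what an operator needs. It is not Sentry's code and does not reproduce the actual code path; the integration record, field names (`client_id`, `client_secret`), helper names and sample upstream body are all constructed for the example. The `leaked_secrets` check is the kind of test a self-hosted operator can run against their own error responses to confirm nothing credential-like escapes.

```python
"""Error-response credential leak: vulnerable pattern beside a hardened one.

Added example, not Sentry's code. All names and values are constructed.
"""
import json

# Constructed integration record; the field names are assumptions.
INTEGRATION = {
    "name": "example-integration",
    "client_id": "example-client-id-123",
    "client_secret": "example-client-secret-456",
    "endpoint": "https://integration.example/select",
}

# Keys whose values must never appear in a response body.
SECRET_KEYS = {"client_secret", "client_id", "token", "api_key", "password"}


def vulnerable_error_response(integration, upstream_body):
    """Leaky pattern: the whole integration record is attached 'for debugging'."""
    return {
        "error": "select-requester.invalid-response",
        "detail": "Third-party returned an invalid response",
        "integration": integration,  # leaks client_id and client_secret
        "upstream": upstream_body,
    }


def redact_keys(obj):
    """Recursively replace values stored under credential-like keys."""
    if isinstance(obj, dict):
        return {k: ("[REDACTED]" if k.lower() in SECRET_KEYS else redact_keys(v))
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact_keys(v) for v in obj]
    return obj


def scrub_values(obj, secrets):
    """Replace known secret values wherever they appear inside free text.

    Key-based redaction misses an upstream that echoes a secret back in a
    message string, so the known values are scrubbed as well.
    """
    if isinstance(obj, str):
        for s in secrets:
            obj = obj.replace(s, "[REDACTED]")
        return obj
    if isinstance(obj, dict):
        return {k: scrub_values(v, secrets) for k, v in obj.items()}
    if isinstance(obj, list):
        return [scrub_values(v, secrets) for v in obj]
    return obj


def safe_error_response(integration, upstream_body):
    """Hardened pattern: minimal integration reference, sanitized upstream data."""
    secrets = [integration[k] for k in SECRET_KEYS if k in integration]
    if isinstance(upstream_body, (dict, list, str)):
        upstream = scrub_values(redact_keys(upstream_body), secrets)
    else:
        upstream = "[upstream body omitted]"
    return {
        "error": "select-requester.invalid-response",
        "detail": "Third-party returned an invalid response",
        "integration": {"name": integration["name"]},
        "upstream": upstream,
    }


def leaked_secrets(response, integration):
    """Detection check: which credential values appear in the serialized response?"""
    text = json.dumps(response)
    return sorted(k for k in SECRET_KEYS
                  if k in integration and integration[k] in text)


if __name__ == "__main__":
    # Constructed upstream body that echoes the secret inside a message string.
    upstream = {"message": "rejected key example-client-secret-456",
                "client_id": "example-client-id-123"}
    print("vulnerable leaks:", leaked_secrets(vulnerable_error_response(INTEGRATION, upstream), INTEGRATION))
    print("hardened leaks:  ", leaked_secrets(safe_error_response(INTEGRATION, upstream), INTEGRATION))
```

The hardened handler does two things the leaky one does not: it never attaches the integration record to the response, and it sanitizes the upstream body both by key and by known value, so a third party that echoes a credential in free text is caught too.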
