Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can delete the user issue alert notifications for arbitrary users given a known alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability.
History

Thu, 26 Sep 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Sentry
Sentry sentry
CPEs cpe:2.3:a:sentry:sentry:*:*:*:*:*:*:*:*
Vendors & Products Sentry
Sentry sentry

Wed, 18 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 17 Sep 2024 20:00:00 +0000

Type Values Removed Values Added
Description Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can delete the user issue alert notifications for arbitrary users given a known alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability.
Title Improper authorization on deletion of user issue alert notifications in sentry
Weaknesses CWE-639
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-09-17T19:44:50.664Z

Updated: 2024-09-18T13:19:27.312Z

Reserved: 2024-09-02T16:00:02.424Z

Link: CVE-2024-45605

Vulnrichment

Updated: 2024-09-18T13:19:23.202Z

NVD

Status: Analyzed

Published: 2024-09-17T20:15:05.120

Modified: 2024-09-26T19:14:00.873

Link: CVE-2024-45605

Redhat

No data.