Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability.
Metrics
Affected Vendors & Products
References
History
Thu, 26 Sep 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Sentry
Sentry sentry |
|
CPEs | cpe:2.3:a:sentry:sentry:*:*:*:*:*:*:*:* | |
Vendors & Products |
Sentry
Sentry sentry |
Wed, 18 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 17 Sep 2024 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability. | |
Title | Improper authorization on deletion of user issue alert notifications in sentry | |
Weaknesses | CWE-639 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-09-17T19:44:50.664Z
Updated: 2024-09-18T13:19:27.312Z
Reserved: 2024-09-02T16:00:02.424Z
Link: CVE-2024-45605
Vulnrichment
Updated: 2024-09-18T13:19:23.202Z
NVD
Status : Analyzed
Published: 2024-09-17T20:15:05.120
Modified: 2024-09-26T19:14:00.873
Link: CVE-2024-45605
Redhat
No data.