
CVSS: 7.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Sentry is an error tracking and performance monitoring platform. Prior to 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs under the _event_: `auth-index.validate_superuser`. An attacker with access to the log data could use these leaked credentials to log in to the Sentry system as superuser. Self-hosted users on affected versions should upgrade to 24.4.1 or later. Users can configure the logging level to exclude logs of the `INFO` level and only generate logs for levels at `WARNING` or higher.

• https://github.com/getsentry/sentry/commit/d5b34568d9f1c41362ccb62141532a0a2169512f
• https://github.com/getsentry/sentry/pull/66393
• https://github.com/getsentry/sentry/pull/69148
• https://github.com/getsentry/sentry/security/advisories/GHSA-6cjm-4pxw-7xp9

• CWE-117: Improper Output Neutralization for Logs
• CWE-312: Cleartext Storage of Sensitive Information

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

The numtok function in lib/raven/okjson.rb in the raven-ruby gem before 0.12.2 for Ruby allows remote attackers to cause a denial of service via a large exponent value in a scientific number.

• http://seclists.org/oss-sec/2015/q1/26
• https://exchange.xforce.ibmcloud.com/vulnerabilities/99687
• https://github.com/getsentry/raven-ruby/commit/477ee93a3f735be33bc1e726820654cdf6e22d8f
• https://groups.google.com/forum/#%21topic/getsentry/Cz5bih0ZY1U

• CWE-399: Resource Management Errors