CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39531 – Sentry vulnerable to incorrect credential validation on OAuth token requests
https://notcve.org/view.php?id=CVE-2023-39531
Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 23.7.2, an attacker with sufficient client-side exploits could retrieve a valid access token for another user during the OAuth token exchange due to incorrect credential validation. The client ID must be known and the API application must have already been authorized on the targeted user account. Sentry SaaS customers do not need to take any action. Self-hosted installations should upgrade to version 23.7.2 or higher. • https://github.com/getsentry/sentry/security/advisories/GHSA-hgj4-h2x3-rfx4 • CWE-287: Improper Authentication •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39349 – Sentry vulnerable to privilege escalation via ApiTokensEndpoint
https://notcve.org/view.php?id=CVE-2023-39349
Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query `/api/0/api-tokens/` for a list of all tokens created by a user, including tokens with greater scopes, and use those tokens in other requests. There is no evidence that the issue was exploited on `sentry.io`. For self-hosted users, it is advised to rotate user auth tokens. A fix is available in version 23.7.2 of `sentry` and `self-hosted`. • https://github.com/getsentry/self-hosted/releases/tag/23.7.2 https://github.com/getsentry/sentry/commit/fad12c1150d1135edf9666ea72ca11bc110c1083 https://github.com/getsentry/sentry/pull/53850 https://github.com/getsentry/sentry/releases/tag/23.7.2 https://github.com/getsentry/sentry/security/advisories/GHSA-9jcq-jf57-c62c • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36826 – Sentry vulnerable to improper authorization on debug and artifact file downloads
https://notcve.org/view.php?id=CVE-2023-36826
Sentry is an error tracking and performance monitoring platform. Starting in version 8.21.0 and prior to version 23.5.2, an authenticated user can download a debug or artifact bundle from arbitrary organizations and projects with a known bundle ID. The user does not need to be a member of the organization or have permissions on the project. A patch was issued in version 23.5.2 to ensure authorization checks are properly scoped on requests to retrieve debug or artifact bundles. Authenticated users who do not have the necessary permissions on the particular project are no longer able to download them. • https://github.com/getsentry/sentry/commit/e932b15435bf36239431eaa3790a6bcfa47046a9 https://github.com/getsentry/sentry/pull/49680 https://github.com/getsentry/sentry/security/advisories/GHSA-m4hc-m2v6-hfw8 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28117 – Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`
https://notcve.org/view.php?id=CVE-2023-28117
Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their privileges within your application. In order for these sensitive values to be leaked, the Sentry SDK configuration must have `sendDefaultPII` set to `True`; one must use a custom name for either `SESSION_COOKIE_NAME` or `CSRF_COOKIE_NAME` in one's Django settings; and one must not be configured in one's organization or project settings to use Sentry's data scrubbing features to account for the custom cookie names. As of version 1.14.0, the Django integration of the `sentry-sdk` will detect the custom cookie names based on one's Django settings and will remove the values from the payload before sending the data to Sentry. As a workaround, use the SDK's filtering mechanism to remove the cookies from the payload that is sent to Sentry. For error events, this can be done with the `before_send` callback method and for performance related events (transactions) one can use the `before_send_transaction` callback method. • https://github.com/getsentry/sentry-python/pull/1842 https://github.com/getsentry/sentry-python/releases/tag/1.14.0 https://github.com/getsentry/sentry-python/security/advisories/GHSA-29pr-6jr8-q5jm • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23485 – Invite code reuse via cookie manipulation in sentry
https://notcve.org/view.php?id=CVE-2022-23485
Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result an attacker with a valid invite link can create multiple users and join an organization they may not have been originally invited to. This issue was patched in version 22.11.0. Sentry SaaS customers do not need to take action. • https://github.com/getsentry/sentry/security/advisories/GHSA-jv85-mqxj-3f9j • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •