CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22146 – Improper authentication on SAML SSO process allows user impersonation in sentry
https://notcve.org/view.php?id=CVE-2025-22146
15 Jan 2025 — Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. The victim email address must be known in order to exploit this vulnerability. • https://github.com/getsentry/sentry/pull/83407 • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53253 – Sentry's improper error handling leaks Application Integration Client Secret
https://notcve.org/view.php?id=CVE-2024-53253
22 Nov 2024 — Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ID and Client Secret would not be displayed in the UI, but would be returned in the underlying HTTP response to the end user. This could occur under the following conditions: An app installation made use of a Search... • https://github.com/getsentry/sentry/pull/79377 • CWE-209: Generation of Error Message Containing Sensitive Information •