CVE-2023-36829

Sentry CORS misconfiguration vulnerability

Severity Score

5.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request header ends with the `system.base-hostname` option of Sentry installation. This only affects installations that have `system.base-hostname` option explicitly set, as it is empty by default. Impact is limited since recent versions of major browsers have cross-site cookie blocking enabled by default. However, this flaw could allow other multi-step attacks. The patch has been released in Sentry 23.6.2.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2023-06-27 CVE Reserved
2023-07-06 CVE Published
2024-08-07 EPSS Updated
2024-11-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-697: Incorrect Comparison
CWE-863: Incorrect Authorization
CWE-942: Permissive Cross-domain Policy with Untrusted Domains

CAPEC

References (4)

URL	Tag	Source
https://github.com/getsentry/self-hosted/releases/tag/23.6.2	Release Notes

URL	Date	SRC

URL	Date	SRC
https://github.com/getsentry/sentry/commit/ee44c6be35e5e464bc40637580f39867898acd8b	2023-07-17
https://github.com/getsentry/sentry/pull/52276	2023-07-17
https://github.com/getsentry/sentry/security/advisories/GHSA-4xqm-4p72-87h6	2023-07-17

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Functional Search vendor "Functional"		Sentry Search vendor "Functional" for product "Sentry"				>= 23.6.0 < 23.6.2 Search vendor "Functional" for product "Sentry" and version " >= 23.6.0 < 23.6.2"		-		Affected