CVE-2024-24829

SSRF in Sentry via Phabricator integration

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration (maintained by Sentry) with version <=24.1.1 contains a constrained SSRF vulnerability. An attacker could make Sentry send POST HTTP requests to arbitrary URLs (including internal IP addresses) by providing an unsanitized input to the Phabricator integration. However, the body payload is constrained to a specific format. If an attacker has access to a Sentry instance, this allows them to: 1. interact with internal network; 2. scan local/remote ports. This issue has been fixed in Sentry self-hosted release 24.1.2, and has already been mitigated on sentry.io on February 8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Sentry es una plataforma de seguimiento de errores y supervisión del rendimiento. La plataforma de integración de Sentry proporciona una forma para que los servicios externos interactúen con Sentry. Una de esas integraciones, la integración de Phabricator (mantenida por Sentry) con la versión <=24.1.1, contiene una vulnerabilidad SSRF restringida. Un atacante podría hacer que Sentry envíe solicitudes POST HTTP a URL arbitrarias (incluidas direcciones IP internas) proporcionando una entrada no sanitizada a la integración de Phabricator. Sin embargo, el payload de la carrocería está limitado a un formato específico. Si un atacante tiene acceso a una instancia de Sentry, esto le permite: 1. interactuar con la red interna; 2. escanear puertos locales/remotos. Este problema se solucionó en la versión 24.1.2 autohospedada de Sentry y ya se mitigó en sentry.io el 8 de febrero. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-01-31 CVE Reserved
2024-02-08 CVE Published
2024-02-17 EPSS Updated
2024-08-01 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-918: Server-Side Request Forgery (SSRF)

CAPEC

References (3)

URL	Tag	Source
https://github.com/getsentry/self-hosted/releases/tag/24.1.2	Release Notes
https://github.com/getsentry/sentry/pull/64882	Issue Tracking
https://github.com/getsentry/sentry/security/advisories/GHSA-rqxh-fp9p-p98r	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sentry Search vendor "Sentry"		Sentry Search vendor "Sentry" for product "Sentry"				>= 9.1.0 < 24.1.2 Search vendor "Sentry" for product "Sentry" and version " >= 9.1.0 < 24.1.2"		-		Affected