CVE-2024-45605 MEDIUM

CVE-2024-45605: Improper authorization on deletion of user issue alert notifications in sentry

Vendor Getsentry
Product sentry
Weakness CWE-639 · IDOR
Published September 17, 2024
Last update September 18, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01 Description

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can delete the user issue alert notifications for arbitrary users given a known alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability.

Key dates

02 Disclosure timeline

September 17, 2024 CVE published
September 18, 2024 Record updated