CVE-2023-36829

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-36829
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-36829.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-36829
Aliases
Related
Published
2023-07-06T23:15:09Z
Modified
2025-01-15T05:19:41.786976Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry installation. This only affects installations that have system.base-hostname option explicitly set, as it is empty by default. Impact is limited since recent versions of major browsers have cross-site cookie blocking enabled by default. However, this flaw could allow other multi-step attacks. The patch has been released in Sentry 23.6.2.

References

Affected packages

Git / github.com/getsentry/self-hosted

Affected ranges

Type
GIT
Repo
https://github.com/getsentry/self-hosted
Events
Type
GIT
Repo
https://github.com/getsentry/sentry
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

1.*

1.10.0
1.10.1
1.11.0
1.11.1
1.11.2
1.11.3
1.11.4
1.12.0
1.12.1
1.12.2
1.13.0
1.13.1
1.13.2
1.13.3
1.13.4
1.13.5
1.4.3
1.6.2
1.6.4
1.6.5
1.6.7
1.6.8
1.6.8.1
1.6.8.2
1.7.3
1.8.3.1
1.8.4
1.8.4.1
1.8.4.2
1.8.8

2.*

2.0.0
2.0.0-RC5
2.0.0-RC7
2.0.0-RC9
2.0.1
2.0.2
2.1.0
2.1.1
2.1.2
2.1.3
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.3.0
2.3.1
2.3.2
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.5.0
2.5.1
2.5.2
2.6.0
2.6.1
2.6.2
2.7.0
2.8.0
2.8.1
2.9.0

20.*

20.10.0
20.10.1
20.11.0
20.11.1
20.12.1
20.6.0
20.7.0
20.7.1
20.8.0
20.9.0

21.*

21.1.0
21.2.0
21.3.0
21.3.1
21.4.0
21.4.1
21.5.0
21.5.1
21.6.0
21.6.1
21.6.2
21.6.3
21.7.0
21.8.0
21.9.0

22.*

22.1.0
22.10.0
22.11.0
22.12.0
22.2.0
22.3.0
22.4.0
22.5.0
22.6.0
22.7.0
22.8.0
22.9.0

23.*

23.1.0
23.1.1
23.2.0
23.3.0
23.3.1
23.4.0
23.5.0
23.5.1
23.5.2
23.6.0
23.6.1

3.*

3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.2.0
3.3.0
3.3.1
3.3.2
3.4.0
3.4.1
3.4.2
3.5.0
3.5.1
3.5.2
3.5.3
3.5.5
3.5.6
3.5.7
3.5.8
3.5.9
3.6.0
3.6.1
3.6.2
3.6.3
3.6.4
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.8.0
3.8.1
3.8.2

4.*

4.0.0
4.0.10
4.0.11
4.0.12
4.0.13
4.0.14
4.0.15
4.0.16
4.0.17
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.1.7
4.10.0
4.2.0
4.2.1
4.2.2
4.2.4
4.2.5
4.3.0
4.3.1
4.3.2
4.3.3
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.5.5
4.5.6
4.5.7
4.6.0
4.7.0
4.7.1
4.7.2
4.7.3
4.7.4
4.7.7
4.7.8
4.7.9
4.8.0
4.8.1
4.8.2
4.8.3
4.8.4
4.8.5
4.8.6
4.9.0
4.9.2
4.9.4
4.9.5
4.9.6
4.9.7
4.9.7.1
4.9.8

5.*

5.0.0
5.0.1
5.0.10
5.0.11
5.0.11.1
5.0.12
5.0.13
5.0.14
5.0.15
5.0.16
5.0.16.1
5.0.17.1
5.0.17.2
5.0.18
5.0.18.1
5.0.18.2
5.0.19
5.0.2
5.0.20
5.0.20.1
5.0.21
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8.1
5.1.0
5.1.1
5.1.1.1
5.1.1.2
5.1.2
5.1.3
5.1.4
5.1.5
5.2.0
5.2.1
5.3.0
5.3.1
5.3.2
5.3.3
5.3.4
5.4.0
5.4.1
5.4.2
5.4.3
5.4.4
5.4.5

6.*

6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.1.0
6.1.1
6.1.2
6.2.0
6.2.1
6.2.2
6.2.3
6.3.0
6.3.1
6.3.2
6.4.0
6.4.2
6.4.2.1
6.4.3
6.4.4

7.*

7.0.0
7.1.0
7.2.0
7.3.0
7.4.0

8.*

8.0.0
8.0.0-rc1
8.0.0rc2
8.1.0

v1.*

v1.10.0
v1.10.1
v1.11.0
v1.11.1
v1.11.2
v1.11.3
v1.11.4
v1.12.0
v1.12.1
v1.12.2
v1.13.0
v1.13.1
v1.13.2
v1.13.3
v1.13.4
v1.13.5
v1.6.2
v1.6.4
v1.6.5
v1.6.7
v1.6.8
v1.6.8.1
v1.6.8.2
v1.7.3
v1.8.3.1
v1.8.4
v1.8.4.1
v1.8.4.2
v1.8.8