CVE-2024-24829

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-24829

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24829.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-24829

Aliases

GHSA-rqxh-fp9p-p98r

Published

2024-02-08T23:44:07.676Z

Modified

2025-12-08T23:58:11.965936Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

SSRF in Sentry via Phabricator integration

Details

Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration (maintained by Sentry) with version <=24.1.1 contains a constrained SSRF vulnerability. An attacker could make Sentry send POST HTTP requests to arbitrary URLs (including internal IP addresses) by providing an unsanitized input to the Phabricator integration. However, the body payload is constrained to a specific format. If an attacker has access to a Sentry instance, this allows them to: 1. interact with internal network; 2. scan local/remote ports. This issue has been fixed in Sentry self-hosted release 24.1.2, and has already been mitigated on sentry.io on February 8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific

{
    "cwe_ids": [
        "CWE-918"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/24xxx/CVE-2024-24829.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/getsentry/self-hosted

Affected ranges

Type: GIT
Repo: https://github.com/getsentry/self-hosted
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c63e838a211233e196eac9cb2effc7e7d6603587

Affected versions

20.*

20.12.1

21.*

21.1.0

21.10.0

21.11.0

21.12.0

21.2.0

21.3.0

21.3.1

21.4.0

21.4.1

21.5.0

21.5.1

21.6.0

21.6.1

21.6.2

21.6.3

21.7.0

21.8.0

21.9.0

22.*

22.1.0

22.10.0

22.11.0

22.12.0

22.2.0

22.3.0

22.4.0

22.5.0

22.6.0

22.7.0

22.8.0

22.9.0

23.*

23.1.0

23.1.1

23.10.0

23.10.1

23.11.0

23.11.1

23.11.2

23.12.0

23.12.1

23.2.0

23.3.0

23.3.1

23.4.0

23.5.0

23.5.1

23.5.2

23.6.0

23.6.1

23.6.2

23.7.0

23.7.1

23.7.2

23.8.0

23.9.1

24.*

24.1.0

24.1.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24829.json"

Git / github.com/getsentry/sentry

Affected ranges

Type: GIT
Repo: https://github.com/getsentry/sentry
Events: Introduced

236d4b88f1fc98fcedd7800c65d798504c186bc2

Fixed

ff4c7ec45fee6edf119139a8ec8d05048a05b9a5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24829.json"