CVE-2024-45605

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-45605

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45605.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-45605

Aliases

GHSA-54m3-95j9-v89j

Published

2024-09-17T20:15:05Z

Modified

2024-10-08T04:25:15.963092Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/getsentry/sentry

Affected ranges

Type: GIT
Repo: https://github.com/getsentry/sentry
Events: Introduced

b739588e6a2c1dad4b4d5e8cdaa53dfc07509f74

Fixed

2b4c450b540cd139baefc222344c26b3ac3e1012

Affected versions

23.*

23.10.0

23.10.1

23.11.0

23.11.1

23.11.2

23.12.0

23.12.1

23.9.0

23.9.1

24.*

24.1.0

24.1.1

24.1.2

24.2.0

24.3.0

24.4.0

24.4.1

24.4.2

24.5.0

24.5.1

24.6.0

24.7.0

24.7.1

24.8.0