CVE-2024-45605

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-45605

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45605.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-45605

Aliases

GHSA-54m3-95j9-v89j

Published

2024-09-17T19:44:50.664Z

Modified

2025-12-05T06:17:23.280159Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

Improper authorization on deletion of user issue alert notifications in sentry

Details

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability.

Database specific

{
    "cwe_ids": [
        "CWE-639"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/45xxx/CVE-2024-45605.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/getsentry/sentry

Affected ranges

Type: GIT
Repo: https://github.com/getsentry/sentry
Events: Introduced

b739588e6a2c1dad4b4d5e8cdaa53dfc07509f74

Fixed

2b4c450b540cd139baefc222344c26b3ac3e1012

Affected versions

23.*

23.10.0

23.10.1

23.11.0

23.11.1

23.11.2

23.12.0

23.12.1

23.9.0

23.9.1

24.*

24.1.0

24.1.1

24.1.2

24.2.0

24.3.0

24.4.0

24.4.1

24.4.2

24.5.0

24.5.1

24.6.0

24.7.0

24.7.1

24.8.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45605.json"