CVE-2025-53073

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-53073

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53073.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-53073

Published

2025-06-24T18:15:26Z

Modified

2025-06-27T11:02:57.544878Z

Summary

[none]

Details

In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions (such as adding a comment) without being a member of the project's team. A seven-digit issue ID must be known (it is not treated as a secret and might be mentioned publicly, or it could be predicted).

References

Affected packages

Git / github.com/getsentry/self-hosted

Affected ranges

Type: GIT
Repo: https://github.com/getsentry/self-hosted
Events: Introduced

11faae66acdc6a1dcbc72a09d8ee316f52daeadb

Last affected

cbebc4f3f43a6ef5834d059bb144e67b7515d752

Affected versions

25.*

25.1.0

25.2.0

25.3.0

25.4.0

25.5.0

25.5.1