MEDIUM 6.5 PyPI
Sentry improperly authorizes deletion of user issue alert notifications
GHSA-54m3-95j9-v89j · CVE-2024-45605
Description
Impact
An authenticated user may delete user issue alert notifications for arbitrary users given a known alert ID.
Patches
A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications.
Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher.
References
- WEB https://github.com/getsentry/sentry/security/advisories/GHSA-54m3-95j9-v89j
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-45605
- WEB https://github.com/getsentry/sentry/pull/77093
- WEB https://github.com/getsentry/sentry/commit/590258255bcb3a5fa4c56f21297b6c99131cfb9d
- WEB https://github.com/getsentry/self-hosted
- PACKAGE https://github.com/getsentry/sentry