1. Home
  2. CVE Database
  3. CVE-2023-39531
MEDIUM · 6.5

CVE-2023-39531

Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 23.7.2, an attacker with sufficient client-side exploits could retrieve a valid access ...

Vulnerability Description

Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 23.7.2, an attacker with sufficient client-side exploits could retrieve a valid access token for another user during the OAuth token exchange due to incorrect credential validation. The client ID must be known and the API application must have already been authorized on the targeted user account. Sentry SaaS customers do not need to take any action. Self-hosted installations should upgrade to version 23.7.2 or higher. There are no direct workarounds, but users should review applications authorized on their account and remove any that are no longer needed.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
SentrySentry>= 10.0.0, < 23.7.2

Related Weaknesses (CWE)

CWE-287

References

FAQ

What is CVE-2023-39531?

CVE-2023-39531 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 23.7.2, an attacker with sufficient client-side exploits could retrieve a valid access ...

How severe is CVE-2023-39531?

CVE-2023-39531 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-39531?

Check the references section above for vendor advisories and patch information. Affected products include: Sentry Sentry.