Vulnerability Description
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can delete the user issue alert notifications for arbitrary users given a known alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sentry | Sentry | >= 23.9.0, < 24.9.0 |
Related Weaknesses (CWE)
References
- https://github.com/getsentry/self-hosted (Product)
- https://github.com/getsentry/sentry/pull/77093 (Issue Tracking, Patch)
- https://github.com/getsentry/sentry/security/advisories/GHSA-54m3-95j9-v89j (Vendor Advisory)
FAQ
What is CVE-2024-45605?
CVE-2024-45605 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can delete the user issue alert notifications for arbitrary users given a known alert ID. A patch was i...
How severe is CVE-2024-45605?
CVE-2024-45605 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-45605?
Check the references section above for vendor advisories and patch information. Affected products include: Sentry Sentry.