[Security Advisory]: CVE-2024-45606 - Improper authorization on muting of alert rules #14

Open
geoffg-sentry opened this issue Sep 17, 2024 · 0 comments


Package and Versions

Package: sentry
Affected Version(s): >=23.4.0, <= 24.8.0
Patched Version(s): 24.9.0

Description

An authenticated user can mute alert rules from arbitrary organizations and projects given a known rule ID. The user does not need to be a member of the organization or have permissions on the project.

Impact

In our review, we have identified no instances where alerts have been muted by unauthorized parties.

Patches

  • Self-hosted users on affected versions should upgrade to 24.9.0 or later.
  • Sentry SaaS users do not need to take any action.

Workarounds

No workarounds are available.

CVSS 3.1 Score and Vector

CVSS Score: 7.1
CVSS Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Information
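
The authorization gap described under Description, modeled as an added example (not Sentry's code or its patch): a mute operation that trusts a bare rule ID, next to one that first checks the caller's access to the project and resolves the rule only inside it. The store, method names, users and rule data are hypothetical and constructed for illustration.

```python
# Added illustration: in-memory model, not Sentry's code. All names are hypothetical.
from dataclasses import dataclass, field

class Forbidden(Exception):
    """Caller lacks access to the project named in the request."""

class NotFound(Exception):
    """No such rule inside the scope the caller is allowed to see."""

@dataclass
class Store:
    rules: dict    # rule_id -> (org, project) that owns the rule
    access: dict   # user -> set of (org, project) the user may manage
    muted: set = field(default_factory=set)

    def mute_unscoped(self, user, rule_id):
        # Flawed pattern: being authenticated and knowing a rule ID is enough.
        if rule_id not in self.rules:
            raise NotFound(rule_id)
        self.muted.add(rule_id)

    def mute_scoped(self, user, org, project, rule_id):
        # Hardened: authorize the caller on the requested project, then resolve the
        # rule only inside it, so another tenant's rule looks missing.
        if (org, project) not in self.access.get(user, set()):
            raise Forbidden(f"{user} cannot manage {org}/{project}")
        if self.rules.get(rule_id) != (org, project):
            raise NotFound(rule_id)
        self.muted.add(rule_id)

def outcome(call, *args):
    try:
        call(*args)
        return "muted"
    except (Forbidden, NotFound) as exc:
        return type(exc).__name__

def demo():
    # Constructed data: rule 101 belongs to acme/backend; mallory is an outsider.
    s = Store(rules={101: ("acme", "backend")},
              access={"alice": {("acme", "backend")}, "mallory": {("other", "web")}})
    return {
        "unscoped_outsider": outcome(s.mute_unscoped, "mallory", 101),
        "scoped_outsider_victim_project": outcome(s.mute_scoped, "mallory", "acme", "backend", 101),
        "scoped_outsider_own_project": outcome(s.mute_scoped, "mallory", "other", "web", 101),
        "scoped_member": outcome(s.mute_scoped, "alice", "acme", "backend", 101),
    }

if __name__ == "__main__":
    print(demo())
```

Only the unscoped path lets the outsider succeed; the scoped path rejects the outsider whether the request names the victim's project or the outsider's own.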
