You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
An authenticated user can mute alert rules from arbitrary organizations and projects given a known given rule ID. The user does not need to be a member of the organization or have permissions on the project.
Impact
In our review, we have identified no instances where alerts have been muted by unauthorized parties.
Patches
Self-hosted users on affected versions should upgrade to 24.9.0 or later.
Package and Versions
Package:
sentry
Affected Version(s):
>=23.4.0, <= 24.8.0
Patched Version(s):
24.9.0
Description
An authenticated user can mute alert rules from arbitrary organizations and projects given a known given rule ID. The user does not need to be a member of the organization or have permissions on the project.
Impact
In our review, we have identified no instances where alerts have been muted by unauthorized parties.
Patches
Workarounds
No workarounds are available.
CVSS 3.1 Score and Vector
CVSS Score: 7.1
CVSS Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Information
The text was updated successfully, but these errors were encountered: