Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sentry CORS misconfiguration vulnerability
Vulnerability Description
Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request header ends with the `system.base-hostname` option of Sentry installation. This only affects installations that have `system.base-hostname` option explicitly set, as it is empty by default. Impact is limited since recent versions of major browsers have cross-site cookie blocking enabled by default. However, this flaw could allow other multi-step attacks. The patch has been released in Sentry 23.6.2.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
过度许可的跨域白名单
Vulnerability Title
Mobileiron Sentry 安全漏洞
Vulnerability Description
Mobileiron Sentry是美国思可信(Mobileiron)公司的一款智能网关产品。 Sentry 23.6.0版本至23.6.2之前版本存在安全漏洞,该漏洞源于如果请求标头以system.base-hostname结尾,Sentry API会返回错误的HTTP标头。
CVSS Information
N/A
Vulnerability Type
N/A