Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sentry vulnerable to privilege escalation via ApiTokensEndpoint
Vulnerability Description
Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query `/api/0/api-tokens/` for a list of all tokens created by a user, including tokens with greater scopes, and use those tokens in other requests. There is no evidence that the issue was exploited on `sentry.io`. For self-hosted users, it is advised to rotate user auth tokens. A fix is available in version 23.7.2 of `sentry` and `self-hosted`. There are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
Mobileiron Sentry 访问控制错误漏洞
Vulnerability Description
Mobileiron Sentry是美国思可信(Mobileiron)公司的一款智能网关产品。 Mobileiron Sentry 22.1.0至23.7.2之前版本存在访问控制错误漏洞,该漏洞源于允许攻击者通过/api/0/api-tokens/窃取并利用用户token。
CVSS Information
N/A
Vulnerability Type
N/A