Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper authorization on deletion of user issue alert notifications in sentry
Vulnerability Description
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Sentry 安全漏洞
Vulnerability Description
Sentry是Sentry开源的一个面向开发人员的错误跟踪和性能监控平台。 Sentry 23.9.0及之前版本和24.8.0及之前版本存在安全漏洞,该漏洞源于经过认证的用户可以通过已知的警报ID删除任意用户的警报通知。
CVSS Information
N/A
Vulnerability Type
N/A