Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions (such as adding a comment) without being a member of the project's team. A seven-digit issue ID must be known (it is not treated as a secret and might be mentioned publicly, or it could be predicted).
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
直接请求(强制性浏览)
Vulnerability Title
Sentry 安全漏洞
Vulnerability Description
Sentry是Sentry开源的一个面向开发人员的错误跟踪和性能监控平台。 Sentry 25.1.0至25.5.1版本存在安全漏洞,该漏洞源于认证的攻击者可访问项目问题端点并执行未授权操作。
CVSS Information
N/A
Vulnerability Type
N/A