Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sentry Missing Invalidation of Authorization Codes During OAuth Exchange and Revocation
Vulnerability Description
Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can take advantage of a race condition and improper handling of authorization code within Sentry to maintain persistence to a user's account. With a specially timed requests and redirect flows, an attacker could generate multiple authorization codes that could be used to exchange for access and refresh tokens. This was possible even after de-authorizing the particular application. This issue has been patched in version 25.5.0. Self-hosted Sentry users should upgrade to version 25.5.0 or higher. Sentry SaaS users do not need to take any action.
CVSS Information
N/A
Vulnerability Type
使用候选路径或通道进行的认证绕过
Vulnerability Title
Sentry 安全漏洞
Vulnerability Description
Sentry是Sentry开源的一个面向开发人员的错误跟踪和性能监控平台。 Sentry 25.5.0之前版本存在安全漏洞,该漏洞源于竞争条件和授权代码处理不当,可能以此来保持用户帐户的持久性。
CVSS Information
N/A
Vulnerability Type
N/A