{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45605", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-09-02T16:00:02.424Z", "datePublished": "2024-09-17T19:44:50.664Z", "dateUpdated": "2024-09-18T13:19:27.312Z"}, "containers": {"cna": {"title": "Improper authorization on deletion of user issue alert notifications in sentry", "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "lang": "en", "description": "CWE-639: Authorization Bypass Through User-Controlled Key", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/getsentry/sentry/security/advisories/GHSA-54m3-95j9-v89j", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/getsentry/sentry/security/advisories/GHSA-54m3-95j9-v89j"}, {"name": "https://github.com/getsentry/sentry/pull/77093", "tags": ["x_refsource_MISC"], "url": "https://github.com/getsentry/sentry/pull/77093"}, {"name": "https://github.com/getsentry/self-hosted", "tags": ["x_refsource_MISC"], "url": "https://github.com/getsentry/self-hosted"}], "affected": [{"vendor": "getsentry", "product": "sentry", "versions": [{"version": ">=23.9.0, < 24.9.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-17T19:44:50.664Z"}, "descriptions": [{"lang": "en", "value": "Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability."}], "source": {"advisory": "GHSA-54m3-95j9-v89j", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-18T13:19:19.399502Z", "id": "CVE-2024-45605", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T13:19:27.312Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45605", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-18T13:19:19.399502Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T13:19:23.202Z"}}], "cna": {"title": "Improper authorization on deletion of user issue alert notifications in sentry", "source": {"advisory": "GHSA-54m3-95j9-v89j", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "getsentry", "product": "sentry", "versions": [{"status": "affected", "version": ">=23.9.0, < 24.9.0"}]}], "references": [{"url": "https://github.com/getsentry/sentry/security/advisories/GHSA-54m3-95j9-v89j", "name": "https://github.com/getsentry/sentry/security/advisories/GHSA-54m3-95j9-v89j", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/getsentry/sentry/pull/77093", "name": "https://github.com/getsentry/sentry/pull/77093", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/getsentry/self-hosted", "name": "https://github.com/getsentry/self-hosted", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-17T19:44:50.664Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45605", "state": "PUBLISHED", "dateUpdated": "2024-09-18T13:19:27.312Z", "dateReserved": "2024-09-02T16:00:02.424Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-09-17T19:44:50.664Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sentry:sentry:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E6FD59C-D86A-4163-9245-EC4000DC98FC", "versionEndExcluding": "24.9.0", "versionStartIncluding": "23.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "Sentry es una plataforma de monitoreo de rendimiento y seguimiento de errores que prioriza a los desarrolladores. Un usuario autenticado elimina las notificaciones de alerta de emisi\u00f3n de usuario para usuarios arbitrarios a partir de una ID de alerta conocida. Se emiti\u00f3 un parche para garantizar que las verificaciones de autorizaci\u00f3n tengan el alcance adecuado en las solicitudes de eliminaci\u00f3n de notificaciones de alerta de usuario. Los usuarios de Sentry SaaS no necesitan realizar ninguna acci\u00f3n. Los usuarios de Sentry alojado en servidores propios deben actualizar a la versi\u00f3n 24.9.0 o superior. No existen workarounds para esta vulnerabilidad."}], "id": "CVE-2024-45605", "lastModified": "2024-09-26T19:14:00.873", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-09-17T20:15:05.120", "references": [{"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/getsentry/self-hosted"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/getsentry/sentry/pull/77093"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/getsentry/sentry/security/advisories/GHSA-54m3-95j9-v89j"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}