Vulnerability Details CVE-2023-39349

Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query `/api/0/api-tokens/` for a list of all tokens created by a user, including tokens with greater scopes, and use those tokens in other requests. There is no evidence that the issue was exploited on `sentry.io`. For self-hosted users, it is advised to rotate user auth tokens. A fix is available in version 23.7.2 of `sentry` and `self-hosted`. There are no known workarounds.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.6%
CVSS Severity
CVSS v3 Score 8.1
Products affected by CVE-2023-39349
  • Sentry » Sentry » Version: 22.1.0
    cpe:2.3:a:sentry:sentry:22.1.0
  • Sentry » Sentry » Version: 22.10.0
    cpe:2.3:a:sentry:sentry:22.10.0
  • Sentry » Sentry » Version: 22.11.0
    cpe:2.3:a:sentry:sentry:22.11.0
  • Sentry » Sentry » Version: 22.12.0
    cpe:2.3:a:sentry:sentry:22.12.0
  • Sentry » Sentry » Version: 22.2.0
    cpe:2.3:a:sentry:sentry:22.2.0
  • Sentry » Sentry » Version: 22.3.0
    cpe:2.3:a:sentry:sentry:22.3.0
  • Sentry » Sentry » Version: 22.4.0
    cpe:2.3:a:sentry:sentry:22.4.0
  • Sentry » Sentry » Version: 22.5.0
    cpe:2.3:a:sentry:sentry:22.5.0
  • Sentry » Sentry » Version: 22.6.0
    cpe:2.3:a:sentry:sentry:22.6.0
  • Sentry » Sentry » Version: 22.7.0
    cpe:2.3:a:sentry:sentry:22.7.0
  • Sentry » Sentry » Version: 22.8.0
    cpe:2.3:a:sentry:sentry:22.8.0
  • Sentry » Sentry » Version: 22.9.0
    cpe:2.3:a:sentry:sentry:22.9.0
  • Sentry » Sentry » Version: 23.1.0
    cpe:2.3:a:sentry:sentry:23.1.0
  • Sentry » Sentry » Version: 23.1.1
    cpe:2.3:a:sentry:sentry:23.1.1
  • Sentry » Sentry » Version: 23.2.0
    cpe:2.3:a:sentry:sentry:23.2.0
  • Sentry » Sentry » Version: 23.3.0
    cpe:2.3:a:sentry:sentry:23.3.0
  • Sentry » Sentry » Version: 23.3.1
    cpe:2.3:a:sentry:sentry:23.3.1
  • Sentry » Sentry » Version: 23.4.0
    cpe:2.3:a:sentry:sentry:23.4.0
  • Sentry » Sentry » Version: 23.5.0
    cpe:2.3:a:sentry:sentry:23.5.0
  • Sentry » Sentry » Version: 23.5.1
    cpe:2.3:a:sentry:sentry:23.5.1
  • Sentry » Sentry » Version: 23.5.2
    cpe:2.3:a:sentry:sentry:23.5.2
  • Sentry » Sentry » Version: 23.6.0
    cpe:2.3:a:sentry:sentry:23.6.0
  • Sentry » Sentry » Version: 23.6.1
    cpe:2.3:a:sentry:sentry:23.6.1
  • Sentry » Sentry » Version: 23.6.2
    cpe:2.3:a:sentry:sentry:23.6.2
  • Sentry » Sentry » Version: 23.7.0
    cpe:2.3:a:sentry:sentry:23.7.0
  • Sentry » Sentry » Version: 23.7.1
    cpe:2.3:a:sentry:sentry:23.7.1

