Vulnerability Details CVE-2024-45605
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.8%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2024-45605
-
cpe:2.3:a:sentry:sentry:23.10.0
-
cpe:2.3:a:sentry:sentry:23.10.1
-
cpe:2.3:a:sentry:sentry:23.11.0
-
cpe:2.3:a:sentry:sentry:23.11.1
-
cpe:2.3:a:sentry:sentry:23.11.2
-
cpe:2.3:a:sentry:sentry:23.12.0
-
cpe:2.3:a:sentry:sentry:23.12.1
-
cpe:2.3:a:sentry:sentry:23.9.0
-
cpe:2.3:a:sentry:sentry:23.9.1
-
cpe:2.3:a:sentry:sentry:24.1.0
-
cpe:2.3:a:sentry:sentry:24.1.1
-
cpe:2.3:a:sentry:sentry:24.1.2
-
cpe:2.3:a:sentry:sentry:24.2.0
-
cpe:2.3:a:sentry:sentry:24.3.0
-
cpe:2.3:a:sentry:sentry:24.4.0
-
cpe:2.3:a:sentry:sentry:24.4.1
-
cpe:2.3:a:sentry:sentry:24.4.2
-
cpe:2.3:a:sentry:sentry:24.5.0
-
cpe:2.3:a:sentry:sentry:24.5.1
-
cpe:2.3:a:sentry:sentry:24.6.0
-
cpe:2.3:a:sentry:sentry:24.7.0
-
cpe:2.3:a:sentry:sentry:24.7.1
-
cpe:2.3:a:sentry:sentry:24.8.0