FreeBSD: 15DAE5CC-9EE6-4577-A93E-2AB57780E707
Mar 21, 2023 - 12:00 a.m.

py39-sentry-sdk -- sensitive cookies leak

2023-03-21 00:00:00
vuxml.freebsd.org
django sentry cookies leak

CVSS3: 7.6 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N

EPSS: 0.001 Low
Percentile: 38.7%

Tom Wolters reports:

When using the Django integration of the Sentry SDK in a specific configuration it is possible to leak sensitive cookie values, including the session cookie, to Sentry.
These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their privileges within your application.

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | py39-sentry-sdk | < 1.14.0 | UNKNOWN |
