Veracode Vulnerability Database: VERACODE:41735
History: Jul 26, 2023 - 11:15 a.m.

Missing Authorization

2023-07-26 11:15:02
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: sentry, authorization, vulnerability, download function, debug_files.py, unauthenticated users, arbitrary file downloads, organization security

CVSS3: 7.7 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS: 0.001 Low
Percentile: 26.2%

sentry is vulnerable to Missing Authorization. The vulnerability exists in the download function in debug_files.py, which does not restrict file downloads by unauthenticated users of a different project. This allows an attacker to perform arbitrary downloads of an organization's debug or artifact bundles.
