CVE-2024-45605: Improper authorization on deletion of user issue alert notifications in sentry
First published: Tue Sep 17 2024(Updated: )
### Impact An authenticated user may delete user issue alert notifications for arbitrary users given a known alert ID. ### Patches A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. [Self-Hosted Sentry](https://github.com/getsentry/self-hosted) users should upgrade to version **24.9.0** or higher. ### References - [Prevent muting user alerts](https://github.com/getsentry/sentry/pull/77093/)
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| pip/sentry | >=23.9.0<24.9.0 | 24.9.0 |
| Sentry Sentry | >=23.9.0<24.9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/getsentry/sentry/security/advisories/GHSA-54m3-95j9-v89j
- https://github.com/getsentry/sentry/pull/77093
- https://github.com/getsentry/self-hosted
- https://github.com/getsentry/sentry/commit/590258255bcb3a5fa4c56f21297b6c99131cfb9d
- https://nvd.nist.gov/vuln/detail/CVE-2024-45605
- https://github.com/advisories/GHSA-54m3-95j9-v89j (Advisory)
- agent/weakness
- agent/first-publish-date
- agent/title
- agent/description
- agent/type
- agent/severity
- agent/event
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-54m3-95j9-v89j
- alias/CVE-2024-45605
- agent/software-canonical-lookup
- agent/references
- agent/author
- collector/mitre-cve
- source/MITRE
- collector/nvd-cve
- source/NVD
- collector/github-advisory
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- package-manager/pip
- vendor/sentry
- canonical/sentry sentry
- version/sentry sentry/23.9.0