CVE-2023-36826

CVSS Score of 10 (low)

Details

Published Jul 25, 2023
Updated: Aug 2, 2023
CWE ID 285
CWE ID 863

Summary

CVE-2023-36826 is a vulnerability affecting Sentry, an error tracking and performance monitoring platform. Versions 8.21.0 to 23.5.2 are vulnerable, allowing an authenticated user to download a debug or artifact bundle from any organization and project with a known bundle ID, regardless of their membership or permissions. A patch was released in version 23.5.2 to fix this issue by implementing proper authorization checks on bundle retrieval requests. Authenticated users without the necessary permissions can no longer download these bundles. Users of Sentry SaaS are not required to take any action, while self-hosted users should upgrade to version 23.5.2 or higher to remediate the vulnerability. The vulnerability poses a medium risk with a base severity score of 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) according to NIST and a high severity score of 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) according to [email protected], potentially leading to unauthorized access and data confidentiality breaches for affected organizations.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-36826 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options