CVE-2023-36826

Summary

CVE-2023-36826 is a vulnerability affecting Sentry, an error tracking and performance monitoring platform. Versions 8.21.0 to 23.5.2 are vulnerable, allowing an authenticated user to download a debug or artifact bundle from any organization and project with a known bundle ID, regardless of their membership or permissions. A patch was released in version 23.5.2 to fix this issue by implementing proper authorization checks on bundle retrieval requests. Authenticated users without the necessary permissions can no longer download these bundles. Users of Sentry SaaS are not required to take any action, while self-hosted users should upgrade to version 23.5.2 or higher to remediate the vulnerability. The vulnerability poses a medium risk with a base severity score of 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) according to NIST and a high severity score of 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) according to [email protected], potentially leading to unauthorized access and data confidentiality breaches for affected organizations.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.