CVE-2023-39349

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Aug 7, 2023
Updated: Aug 10, 2023
CWE ID 287
CWE ID 284

Summary

CVE-2023-39349 is a cyber vulnerability that affects the Sentry error tracking and performance monitoring platform. The vulnerability exists in versions 22.1.0 to 23.7.1, allowing an attacker with limited or no access to query for a list of all user-created tokens, including those with higher privileges, through the `/api/0/api-tokens/` endpoint. This issue has not been exploited on `sentry.io` but self-hosted users are advised to update to version 23.7.2 to fix the vulnerability and rotate user authentication tokens. There are no known workarounds for this vulnerability. The base severity of this vulnerability is rated as HIGH, with potential impact on confidentiality and integrity of an organization's systems.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-39349 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options