CVE-2023-39531

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published: Aug 9, 2023
Updated: Aug 16, 2023
CWE ID: 287

Summary

CVE-2023-39531 affects Sentry, an error tracking and performance monitoring platform. In versions 10.0.0 through 23.7.1, a flaw in the OAuth token exchange allows an attacker, using known client-side exploits, to retrieve another user's valid access token. Exploitation requires that the attacker know the targeted user's client ID and that the API application already be authorized on that user's account. Sentry SaaS customers do not need to take any action; self-hosted installations must upgrade to version 23.7.2 or later to fix the issue. There is no direct workaround; users should regularly review the applications authorized on their account and remove any they no longer need.
