CVE-2024-32474

Summary

CVE-2024-32474 is a vulnerability affecting Sentry, an error tracking and performance monitoring platform. Before version 24.4.1, superuser authentication credentials were leaked in cleartext in logs under the `auth-index.validate_superuser` event. This issue poses a significant risk as an attacker with access to the log data could use these leaked credentials to log in as a superuser. Self-hosted users are strongly advised to upgrade to version 24.4.1 or later to mitigate this vulnerability. As a temporary measure, users can also configure their logging settings to exclude logs of the `INFO` level and only retain logs with levels at `WARNING` or higher.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.