CVE-2023-36829
July 06, 2023
Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the "access-control-allow-credentials: true" HTTP header whenever the "Origin" request header ends with the value of the "system.base-hostname" option of the Sentry installation. Because this is a plain string suffix match rather than an exact comparison of the parsed host, an Origin such as "https://evilsentry.example.com" satisfies it for a base hostname of "sentry.example.com", so a page served from an attacker-controlled host with such a name could be granted credentialed cross-origin access to the API. Only installations that have "system.base-hostname" explicitly set are affected, since the option is empty by default. Impact is limited because recent versions of major browsers block cross-site cookies by default (for example through a SameSite=Lax default), so a victim's session cookie would generally not be attached to such a request; however, this flaw could still be chained into other multi-step attacks. The patch has been released in Sentry 23.6.2.
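The following is an added illustration of the origin-check flaw described above; it is not Sentry's own code. The "vulnerable" function models the behaviour the advisory describes (trust any Origin whose string ends with the configured base hostname), the "fixed" function parses the Origin and compares the host exactly, and the base hostname and sample Origin header values are constructed for the example. It also shows the empty-default case, which the advisory says is unaffected, and a few attacker-shaped Origins beyond the plain suffix collision (base hostname appearing in the path, or as a prefix of a longer name).

```python
"""Added illustration for CVE-2023-36829 (not Sentry's code).

A CORS allow-credentials decision based on a suffix match of the Origin
header, next to a hardened version that compares the parsed host exactly.
All hostnames below are constructed sample data.
"""
from urllib.parse import urlsplit

# Constructed example value for the system.base-hostname option.
BASE_HOSTNAME = "sentry.example.com"


def allow_credentials_vulnerable(origin: str, base_hostname: str = BASE_HOSTNAME) -> bool:
    """Models the flawed check: any Origin whose string ends with the configured
    base hostname is trusted, so 'https://evilsentry.example.com' passes.
    The empty-default guard mirrors the advisory: with no base hostname set,
    nothing is trusted (a bare endswith("") would match every Origin)."""
    return bool(base_hostname) and origin.endswith(base_hostname)


def allow_credentials_fixed(origin: str, base_hostname: str = BASE_HOSTNAME) -> bool:
    """Hardened check (our choice, not Sentry's patch): parse the Origin as a
    URL, require https, reject anything that is not scheme://host[:port], and
    compare the host exactly and case-insensitively. Subdomains and suffix
    collisions are not trusted."""
    if not base_hostname:
        return False
    try:
        parts = urlsplit(origin)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parts.scheme != "https" or parts.hostname is None:
        return False
    if parts.path or parts.query or parts.fragment or parts.username:
        return False  # a real Origin header carries no path, query or userinfo
    return parts.hostname.lower() == base_hostname.lower()


def cors_headers(origin: str, check) -> dict:
    """Build the CORS response headers a server would emit for this Origin
    under the given check: credentialed access when it passes, none otherwise."""
    if check(origin):
        return {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",
        }
    return {}


# Constructed sample Origin headers: the legitimate one plus attacker-shaped values.
SAMPLE_ORIGINS = [
    "https://sentry.example.com",                 # legitimate origin
    "https://evilsentry.example.com",             # suffix collision, no dot boundary
    "https://attacker.test/sentry.example.com",   # base hostname in the path
    "https://sentry.example.com.attacker.test",   # base hostname as a prefix
    "http://sentry.example.com",                  # right host, wrong scheme
    "null",                                       # sandboxed iframe / opaque origin
]


def credentialed_origins(check, origins=SAMPLE_ORIGINS) -> list:
    """Return the origins for which the given check would emit
    Access-Control-Allow-Credentials: true."""
    return [o for o in origins if "Access-Control-Allow-Credentials" in cors_headers(o, check)]


if __name__ == "__main__":
    print("vulnerable check admits:", credentialed_origins(allow_credentials_vulnerable))
    print("fixed check admits:     ", credentialed_origins(allow_credentials_fixed))
```

Run stand-alone, the vulnerable check admits four of the six sample Origins (including the suffix collision and a string that merely ends with the base hostname in its path), while the fixed check admits only the exact https origin. When auditing a deployment, the same idea applies from the client side: send a request with an Origin header that ends with but does not equal the configured base hostname and check whether the response carries "access-control-allow-credentials: true".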
Affected Packages
sentry (PYTHON):
Affected version(s): >=23.6.0 <23.6.2
Fix Suggestion:
Update to version 23.6.2
CVSS v4
Base Score:
7.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE
Weakness Type (CWE)
EPSS
Base Score:
0.15