Home > Vulnerability Database > CVE-2024-32474

Mend.io Vulnerability Database

CVE-2024-32474

Date: April 18, 2024

Sentry is an error tracking and performance monitoring platform. Prior to 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs under the event: "auth-index.validate_superuser". An attacker with access to the log data could use these leaked credentials to login to the Sentry system as superuser. Self-hosted users on affected versions should upgrade to 24.4.1 or later. Users can configure the logging level to exclude logs of the "INFO" level and only generate logs for levels at "WARNING" or more.

Language: Python

Severity Score

7.3

Related Resources (7)

Url: https://github.com/getsentry/sentry/pull/69148

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-32474

Url: https://github.com/getsentry/sentry

Url: https://github.com/getsentry/sentry/security/advisories/GHSA-6cjm-4pxw-7xp9

Url: https://github.com/getsentry/sentry/pull/66393

Url: https://github.com/getsentry/sentry/commit/d5b34568d9f1c41362ccb62141532a0a2169512f

Url: https://www.mend.io/vulnerability-database/CVE-2024-32474

Severity Score

7.3

Weakness Type (CWE)

Cleartext Storage of Sensitive Information

CWE-312

Improper Output Neutralization for Logs

CWE-117

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-32474

Date: April 18, 2024

Language: Python

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?