Home > Vulnerability Database > CVE-2024-45605

Mend.io Vulnerability Database

CVE-2024-45605

Good to know:

Date: September 17, 2024

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability.

Severity Score

6.5

Related Resources (7)

Url: https://github.com/getsentry/sentry/security/advisories/GHSA-54m3-95j9-v89j

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45605

Url: https://github.com/getsentry/sentry/commit/590258255bcb3a5fa4c56f21297b6c99131cfb9d

Url: https://github.com/getsentry/sentry

Url: https://github.com/getsentry/self-hosted

Url: https://github.com/getsentry/sentry/pull/77093

Url: https://www.mend.io/vulnerability-database/CVE-2024-45605

Severity Score

6.5

Weakness Type (CWE)

Authorization Bypass Through User-Controlled Key

CWE-639

Top Fix

Upgrade Version

Upgrade to version 24.9.0

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-45605

Good to know:

Date: September 17, 2024

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?