CVE-2024-45605: Sentry improperly authorizes deletion of user issue alert notifications
An authenticated user may delete user issue alert notifications for arbitrary users given a known alert ID.
References
- github.com/advisories/GHSA-54m3-95j9-v89j
- github.com/getsentry/self-hosted
- github.com/getsentry/sentry
- github.com/getsentry/sentry/commit/590258255bcb3a5fa4c56f21297b6c99131cfb9d
- github.com/getsentry/sentry/pull/77093
- github.com/getsentry/sentry/security/advisories/GHSA-54m3-95j9-v89j
- nvd.nist.gov/vuln/detail/CVE-2024-45605
Detect and mitigate CVE-2024-45605 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →