GHSA-9jcq-jf57-c62c

Source

https://github.com/advisories/GHSA-9jcq-jf57-c62c

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-9jcq-jf57-c62c/GHSA-9jcq-jf57-c62c.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-9jcq-jf57-c62c

Aliases

CVE-2023-39349

Published

2023-08-08T20:46:12Z

Modified

2023-11-10T05:38:16.920417Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

Privilege escalation via ApiTokensEndpoint

Details

Impact

An attacker with access to a token with few or no scopes can query /api/0/api-tokens/ for a list of all tokens created by a user, including tokens with greater scopes, and use those tokens in other requests.

There is no evidence that the issue was exploited on https://sentry.io. For self-hosted users, it is advised to rotate user auth tokens via https://your-self-hosted-sentry-installation/settings/account/api/auth-tokens/.

Patches

The issue was fixed in https://github.com/getsentry/sentry/pull/53850 and is available in the release 23.7.2 of sentry and self-hosted.

Workarounds

There are no known workarounds.

Database specific

{
    "cwe_ids": [
        "CWE-284"
    ],
    "nvd_published_at": "2023-08-07T19:15:11Z",
    "github_reviewed_at": "2023-08-08T20:46:12Z",
    "github_reviewed": true,
    "severity": "HIGH"
}

References

Affected packages

PyPI / sentry

Package

Name: sentry; View open source insights on deps.dev
Purl: pkg:pypi/sentry

Affected ranges

Type: ECOSYSTEM
Events: Introduced

22.1.0

Fixed

23.7.2

Affected versions

22.*

22.1.0

22.2.0

22.3.0

22.4.0

22.5.0

22.6.0

22.7.0

22.8.0

22.9.0

22.10.0

22.11.0

22.12.0

23.*

23.1.0

23.1.1

23.2.0

23.3.0

23.3.1

23.4.0

23.5.0

23.5.1

23.5.2

23.6.0

23.6.1

23.6.2

23.7.0

23.7.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-9jcq-jf57-c62c/GHSA-9jcq-jf57-c62c.json"