Improper Access Control Affecting sentry package, versions [20.6.0,22.11.0)
Threat Intelligence
EPSS: 0.07% (33rd percentile)
- Snyk ID SNYK-PYTHON-SENTRY-3167267
- published 11 Dec 2022
- disclosed 11 Dec 2022
- credit Unknown
Introduced: 11 Dec 2022
CVE-2022-23485
How to fix?
Upgrade sentry to version 22.11.0 or higher.
Overview
Affected versions of this package are vulnerable to Improper Access Control. With a known valid invite link (i.e. one that has not been used and has not expired), an unauthenticated attacker can manipulate the cookie so that the same invite link can be reused on multiple accounts when joining an organization.
CVSS Scores
version 3.1