getsentry/sentry
cpe:2.3:a:sentry:sentry:*:*:*:*:*:*:*
- >= 21.12.0, <= 24.12.1
A critical vulnerability exists in the SAML Single Sign-On (SSO) implementation of Sentry, versions 21.12.0 through 24.12.1. An attacker who controls a malicious SAML Identity Provider can use it against another organization on the same Sentry instance to take over any user account; the attack requires knowledge of the victim's email address.
Successful exploitation grants unauthorized access to the victim's account, allowing the attacker to impersonate that user.
Users of self-hosted Sentry should upgrade to version 25.1.0 or higher. Instances restricted to a single organization are not affected and need no action. Sentry SaaS has already been patched.