Sentry Weak Authorization Control Vulnerability Allowing Unauthorized Actions on Project Issues

Vulnerability

A vulnerability in Sentry versions 25.1.0 through 25.5.1 allows authenticated attackers to perform unauthorized actions on a project's issue endpoint, such as adding comments, without being a member of the project's team. Exploitation requires only knowledge of a seven-digit issue ID, which is not confidential and may be publicly available or predictable.
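To make the missing control concrete, the following is an added Python model, not Sentry's code: `User`, `Project`, `Issue` and the function names are hypothetical. It places an authentication-only check (the weak pattern the advisory describes) beside a resource-level check that requires project-team membership, and adds a helper that flags Sentry version strings inside the affected range 25.1.0 through 25.5.1 for a fleet audit.

```python
from dataclasses import dataclass

# Hypothetical models; a constructed stand-in for the real project/team objects.
@dataclass(frozen=True)
class User:
    id: int
    org_id: int

@dataclass(frozen=True)
class Project:
    id: int
    org_id: int
    team_member_ids: frozenset  # user ids that belong to the project's teams

@dataclass(frozen=True)
class Issue:
    id: int          # seven-digit issue ID; not a secret, so it grants no access
    project: Project

def weak_can_comment(user: User, issue: Issue) -> bool:
    """Weak control: only checks that the actor is an authenticated org user.
    Anyone in the organization who learns the issue ID passes."""
    return user.org_id == issue.project.org_id

def can_comment_on_issue(user: User, issue: Issue) -> bool:
    """Resource-level control: the actor must be a member of the issue's
    project team. Deny by default; knowing the issue ID is irrelevant."""
    project = issue.project
    if user.org_id != project.org_id:
        return False
    return user.id in project.team_member_ids

def version_is_affected(version: str) -> bool:
    """True when a Sentry version string falls in the advisory's affected
    range 25.1.0 .. 25.5.1 (inclusive). Raises ValueError on non-numeric input."""
    parts = tuple(int(p) for p in version.strip().split("."))
    if not parts:
        raise ValueError("empty version string")
    return (25, 1, 0) <= parts <= (25, 5, 1)
```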

Impact

Exploitation of this vulnerability could lead to unauthorized modifications of project issues, such as adding comments without proper authorization.

Reproduction

To reproduce this vulnerability, an authenticated user must access a project's issue endpoint while knowing a valid seven-digit issue ID. The user can then perform unauthorized actions, such as adding comments, without being a member of the project's team.

Remediation

Users are advised to upgrade to Sentry version 25.6.1, which addresses this vulnerability.

Added: Jun 24, 2025, 7:04 PM
Updated: Jun 24, 2025, 7:04 PM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 0.6
exploitability: 5.2
remediation: 7.7
relevance: 0.2
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.