CVE-2023-36829 - OpenCVE

Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request header ends with the `system.base-hostname` option of Sentry installation. This only affects installations that have `system.base-hostname` option explicitly set, as it is empty by default. Impact is limited since recent versions of major browsers have cross-site cookie blocking enabled by default. However, this flaw could allow other multi-step attacks. The patch has been released in Sentry 23.6.2.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Functional	Sentry

Configuration 1 [-]

cpe:2.3:a:functional:sentry:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/getsentry/self-hosted/releases/tag/23.6.2	Release Notes
https://github.com/getsentry/sentry/commit/ee44c6be35e5e464bc40637580f39867898acd8b	Patch
https://github.com/getsentry/sentry/pull/52276	Patch
https://github.com/getsentry/sentry/security/advisories/GHSA-4xqm-4p72-87h6	Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-07-06T22:08:58.922Z

Updated: 2023-07-06T22:08:58.922Z

Reserved: 2023-06-27T15:43:18.388Z

Link: CVE-2023-36829

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-07-06T23:15:09.620

Modified: 2023-07-17T18:56:00.163

Link: CVE-2023-36829

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-36829", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-06-27T15:43:18.388Z", "datePublished": "2023-07-06T22:08:58.922Z", "dateUpdated": "2023-07-06T22:08:58.922Z"}, "containers": {"cna": {"title": "Sentry CORS misconfiguration vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-942", "lang": "en", "description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-863", "lang": "en", "description": "CWE-863: Incorrect Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/getsentry/sentry/security/advisories/GHSA-4xqm-4p72-87h6", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/getsentry/sentry/security/advisories/GHSA-4xqm-4p72-87h6"}, {"name": "https://github.com/getsentry/sentry/pull/52276", "tags": ["x_refsource_MISC"], "url": "https://github.com/getsentry/sentry/pull/52276"}, {"name": "https://github.com/getsentry/sentry/commit/ee44c6be35e5e464bc40637580f39867898acd8b", "tags": ["x_refsource_MISC"], "url": "https://github.com/getsentry/sentry/commit/ee44c6be35e5e464bc40637580f39867898acd8b"}, {"name": "https://github.com/getsentry/self-hosted/releases/tag/23.6.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/getsentry/self-hosted/releases/tag/23.6.2"}], "affected": [{"vendor": "getsentry", "product": "sentry", "versions": [{"version": ">= 23.6.0, < 23.6.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-07-06T22:08:58.922Z"}, "descriptions": [{"lang": "en", "value": "Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request header ends with the `system.base-hostname` option of Sentry installation. This only affects installations that have `system.base-hostname` option explicitly set, as it is empty by default. Impact is limited since recent versions of major browsers have cross-site cookie blocking enabled by default. However, this flaw could allow other multi-step attacks. The patch has been released in Sentry 23.6.2."}], "source": {"advisory": "GHSA-4xqm-4p72-87h6", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:functional:sentry:*:*:*:*:*:*:*:*", "matchCriteriaId": "D219E572-0813-4204-842D-B1CD57BBB397", "versionEndExcluding": "23.6.2", "versionStartIncluding": "23.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request header ends with the `system.base-hostname` option of Sentry installation. This only affects installations that have `system.base-hostname` option explicitly set, as it is empty by default. Impact is limited since recent versions of major browsers have cross-site cookie blocking enabled by default. However, this flaw could allow other multi-step attacks. The patch has been released in Sentry 23.6.2."}], "id": "CVE-2023-36829", "lastModified": "2023-07-17T18:56:00.163", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-07-06T23:15:09.620", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/getsentry/self-hosted/releases/tag/23.6.2"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/getsentry/sentry/commit/ee44c6be35e5e464bc40637580f39867898acd8b"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/getsentry/sentry/pull/52276"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/getsentry/sentry/security/advisories/GHSA-4xqm-4p72-87h6"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-697"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}, {"lang": "en", "value": "CWE-942"}], "source": "security-advisories@github.com", "type": "Secondary"}]}