Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.1
CVE-2024-45605: Sentry: Unauthorized access to user alert notifications
GHSA-54m3-95j9-v89j
CVE-2024-45605
Summary
An attacker with a Sentry account could delete alert notifications for other users. This is fixed in Sentry version 24.9.0 or higher, and self-hosted users should update. If you self-host Sentry, make sure to upgrade to the latest version to prevent unauthorized access.
What to do
- Update sentry to version 24.9.0.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| pip | – | sentry |
>= 23.9.0, < 24.9.0 Fix: upgrade to 24.9.0
|
| – | sentry | sentry |
>= 23.9.0, < 24.9.0 cpe:2.3:a:sentry:sentry:*:*:*:*:*:*:*:* |
Original title
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch wa...
Original description
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability.
ghsa CVSS3.1
6.5
ghsa CVSS4.0
7.1
Vulnerability type
CWE-639
Authorization Bypass Through User-Controlled Key
- https://github.com/getsentry/sentry/security/advisories/GHSA-54m3-95j9-v89j
- https://github.com/getsentry/sentry/pull/77093
- https://github.com/getsentry/sentry/commit/590258255bcb3a5fa4c56f21297b6c99131cf...
- https://nvd.nist.gov/vuln/detail/CVE-2024-45605
- https://github.com/getsentry/self-hosted
- https://github.com/advisories/GHSA-54m3-95j9-v89j
Published: 17 Sep 2024 · Updated: 15 Jun 2026 · First seen: 6 Mar 2026