PyPi: Sentry

CVE-2024-32474

Safety vulnerability ID: 71926

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Apr 18, 2024 Updated at Nov 29, 2024

Scan your Python projects for vulnerabilities →

Advisory

When authenticating as a superuser to a self-hosted Sentry instance with a username and password, the password is leaked as cleartext in logs under the event: auth-index.validate_superuser. An attacker with access to the log data could use these leaked credentials to log in to the Sentry system as a superuser.

Affected package

sentry

Latest version: 23.7.1

A realtime logging and aggregation server.

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://github.com/getsentry/sentry/commit/d5b34568d9f1c41362ccb62141532a0a2169512f
https://github.com/advisories/GHSA-6cjm-4pxw-7xp9
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32474

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application