CVE-2024-45606

Advisory

A vulnerability in Sentry affected versions enables authenticated users to mute alert rules from arbitrary organizations and projects using known rule IDs, bypassing proper authorization checks. This flaw allows unauthorized access and potential disruption of alert systems across multiple organizations. Although Sentry has not detected any exploits, the vulnerability could permit malicious actors to silence critical alerts without detection, potentially causing severe impact. Sentry has patched this vulnerability, implementing proper authorization scoping for alert rule muting requests.
NOTE: While Sentry automatically protects SaaS users, all self-hosted Sentry users must upgrade to version 24.9.0 or higher immediately.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

• https://github.com/advisories/GHSA-v345-w9f2-mpm5
• https://github.com/getsentry/sentry/commit/e8e71708758e1f9f56ce815ace73fe60d9e608dc
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45606