Main Vulnerability Database SB2022121027

SB2022121027 - Improper access control in sentry

Published: December 10, 2022 Updated: April 23, 2026

Security Bulletin ID SB2022121027

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper access control (CVE-ID: CVE-2022-23485)

The vulnerability allows a remote attacker to join an organization with multiple accounts using the same invite link.

The vulnerability exists due to improper access control in the invite link handling functionality when processing a manipulated cookie during organization signup. A remote attacker can manipulate the cookie and reuse a known valid invite link to join an organization with multiple accounts.

User interaction is required because exploitation depends on use of a valid invite link that has not already been accepted or expired.

Remediation

Install update from vendor's website.

SB2022121027 - Improper access control in sentry

Breakdown by Severity

Description

Remediation

References

Please verify you're human