SB2023080725 - Multiple vulnerabilities in sentry
Published: August 7, 2023 Updated: April 23, 2026
Description
This security bulletin contains information about 2 vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-39349)
The vulnerability allows a remote user to escalate privileges within the application.
The vulnerability exists because the "/api/0/api-tokens/" API endpoint returns more data than the caller's token should allow. A remote user holding a token with few or no scopes can query "/api/0/api-tokens/" and list all of that user's API tokens, including tokens with broader scopes, and then use those tokens in subsequent requests to act with the broader scopes.
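A check a self-hosted administrator can run against their own instance is to call "/api/0/api-tokens/" with a deliberately low-scoped token and look for any returned token whose scopes exceed the requester's. The script below is an added example, not code from Sentry or from this bulletin; it assumes the endpoint returns a JSON list of token objects with an "id" and a "scopes" list (field names are an assumption), and it exercises the audit logic on a constructed sample response so it runs offline. The `audit_instance` function performs the live request and is only needed against a real instance.

```python
"""Audit a Sentry /api/0/api-tokens/ listing for scope disclosure (added example)."""
from __future__ import annotations

import json
import urllib.request

# Constructed sample response, not captured from a real Sentry instance.
# Field names ("id", "scopes", "token") are assumed.
SAMPLE_RESPONSE = json.dumps([
    {"id": "1", "scopes": ["project:read"], "token": "low-scope-token"},
    {"id": "2", "scopes": ["org:admin", "project:write"], "token": "admin-token"},
    {"id": "3", "scopes": ["event:read"], "token": "event-token"},
])


def excess_scopes(response_body: str, requester_scopes: set[str]) -> list[dict]:
    """Return listed tokens whose scopes go beyond the requesting token's scopes.

    A patched instance should give a low-scoped token no such entries; any hit
    means the endpoint is disclosing tokens with higher privileges.
    """
    findings = []
    for tok in json.loads(response_body):
        extra = set(tok.get("scopes", [])) - requester_scopes
        if extra:
            findings.append({"id": tok.get("id"), "extra_scopes": sorted(extra)})
    return findings


def build_request(base_url: str, token: str) -> urllib.request.Request:
    """Build the GET request for the token listing; nothing is sent here."""
    url = base_url.rstrip("/") + "/api/0/api-tokens/"
    req = urllib.request.Request(url, method="GET")
    req.add_header("Authorization", f"Bearer {token}")  # bearer auth is assumed
    req.add_header("Accept", "application/json")
    return req


def audit_instance(base_url: str, low_scope_token: str, requester_scopes: set[str]) -> list[dict]:
    """Query a live instance with a low-scoped token and report disclosed scopes."""
    with urllib.request.urlopen(build_request(base_url, low_scope_token), timeout=15) as resp:
        body = resp.read().decode("utf-8")
    return excess_scopes(body, requester_scopes)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample: a project:read token
    # should not be able to see the org:admin or event:read tokens.
    for finding in excess_scopes(SAMPLE_RESPONSE, {"project:read"}):
        print(f"token {finding['id']} exposes extra scopes: {finding['extra_scopes']}")
```

Run `audit_instance("https://sentry.example.com", "<low-scoped token>", {"project:read"})` against an instance you administer; an empty result is the expected outcome on a fixed release, while any finding means the listing still exposes higher-scoped tokens to a low-scoped caller.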
2) Improper Authentication (CVE-ID: CVE-2023-39531)
The vulnerability allows a remote user to obtain a valid access token for another user.
The vulnerability exists due to improper authentication in OAuth token requests: the OAuth token exchange does not correctly authenticate the party it issues a token to. A remote user can submit a crafted token request and obtain a valid access token for another user.
Exploitation requires that the client ID be known, that the API application already be authorized on the targeted user's account, and that the targeted user interact with the attacker's request.
Remediation
Install the fixed release from the vendor's website; see the vendor advisory for the affected and fixed versions.