Improper Authentication in sentry - CVE-2023-39531

 


Published: August 9, 2023 / Updated: April 23, 2026


Vulnerability identifier: #VU126920
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-39531
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: sentry
Software vendor: Sentry

Description

The vulnerability allows a remote user to obtain a valid access token for another user.

The vulnerability exists due to improper authentication of token requests during the OAuth token exchange. A remote user can submit a crafted token request to obtain a valid access token for another user.

The client ID must be known, the API application must already be authorized on the targeted user account, and user interaction is required.


Remediation

Install the security update from the vendor's website.
