Improper Authentication in sentry - CVE-2023-39531

 


Published: August 9, 2023 / Updated: April 23, 2026


Vulnerability identifier: #VU126920
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-39531
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Sentry
Affected software:
sentry

Detailed vulnerability description

The vulnerability allows a remote user to obtain a valid access token belonging to another user.

The vulnerability exists due to improper authentication of requests to the OAuth token endpoint during the token exchange: the endpoint issues an access token without adequately verifying that the requester is entitled to it. A remote user who knows the client ID of an API application can submit a crafted token request and receive a valid access token for another user on whose account that application is already authorized.

Exploitation requires that the client ID is known, that the API application has already been authorized on the targeted user's account, and that the targeted user interacts with the attacker.
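The following is an added illustration of the defect class described above, not code from Sentry or from this advisory. It contrasts a hypothetical token endpoint that "authenticates" a token request by nothing more than a public client ID and a prior user approval with a hardened handler that verifies the client secret in constant time, requires a fresh single-use authorization code bound to that client and redirect URI, and derives the user from the code rather than from the request. All names (`Store`, `exchange_weak`, `exchange_hardened`, the client and user identifiers) are invented for the example.

```python
# Hypothetical OAuth 2.0 token-exchange handlers, weak vs. hardened.
# Illustrative only; not Sentry's implementation.
import hmac
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class Client:
    client_id: str
    client_secret: str  # kept in clear for brevity; store a hash in production
    redirect_uri: str


@dataclass
class AuthorizationCode:
    code: str
    client_id: str      # client the code was issued to
    user_id: str        # resource owner who approved the grant
    redirect_uri: str
    expires_at: float
    used: bool = False


@dataclass
class Store:
    clients: dict = field(default_factory=dict)
    codes: dict = field(default_factory=dict)
    approvals: set = field(default_factory=set)  # (client_id, user_id) pairs already approved
    tokens: dict = field(default_factory=dict)   # access token -> (user_id, client_id)

    def mint(self, user_id, client_id):
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (user_id, client_id)
        return token


class TokenError(Exception):
    pass


def exchange_weak(store, request):
    """Vulnerable pattern: the only 'authentication' is knowledge of the
    public client_id plus the fact that the app was once approved by the
    target user. The user identity is taken straight from the request."""
    client_id = request.get("client_id")
    user_id = request.get("user_id")
    if client_id not in store.clients:
        raise TokenError("invalid_client")
    if (client_id, user_id) not in store.approvals:
        raise TokenError("invalid_grant")
    return store.mint(user_id, client_id)


def exchange_hardened(store, request, now=None):
    """Hardened pattern: authenticate the client with its secret, require an
    unexpired single-use code bound to this client and redirect_uri, and take
    the user from the code, never from the request."""
    now = time.time() if now is None else now
    client = store.clients.get(request.get("client_id"))
    if client is None:
        raise TokenError("invalid_client")
    presented = (request.get("client_secret") or "").encode()
    if not hmac.compare_digest(presented, client.client_secret.encode()):
        raise TokenError("invalid_client")
    if request.get("grant_type") != "authorization_code":
        raise TokenError("unsupported_grant_type")
    grant = store.codes.get(request.get("code"))
    if grant is None or grant.used or grant.expires_at <= now:
        raise TokenError("invalid_grant")
    if grant.client_id != client.client_id or grant.redirect_uri != request.get("redirect_uri"):
        raise TokenError("invalid_grant")
    grant.used = True  # authorization codes are single use (RFC 6749, 4.1.2)
    return store.mint(grant.user_id, client.client_id)


def demo_attack():
    """Constructed scenario: attacker knows only the public client_id and the
    victim's user id; the app was previously approved on the victim's account."""
    store = Store()
    store.clients["app-123"] = Client("app-123", "s3cr3t", "https://app.example/cb")
    store.approvals.add(("app-123", "victim"))
    attack = {"client_id": "app-123", "user_id": "victim"}
    weak_owner = store.tokens[exchange_weak(store, attack)][0]  # 'victim'
    try:
        exchange_hardened(store, attack)
        hardened_refused = False
    except TokenError:
        hardened_refused = True
    return weak_owner, hardened_refused


def demo_legitimate():
    """Constructed scenario: a real client completes the exchange once; replaying
    the same code is refused."""
    store = Store()
    store.clients["app-123"] = Client("app-123", "s3cr3t", "https://app.example/cb")
    store.codes["code-xyz"] = AuthorizationCode(
        "code-xyz", "app-123", "alice", "https://app.example/cb", expires_at=1000.0)
    req = {"client_id": "app-123", "client_secret": "s3cr3t", "grant_type": "authorization_code",
           "code": "code-xyz", "redirect_uri": "https://app.example/cb"}
    owner = store.tokens[exchange_hardened(store, req, now=500.0)]
    try:
        exchange_hardened(store, req, now=500.0)
        replay_refused = False
    except TokenError:
        replay_refused = True
    return owner, replay_refused


if __name__ == "__main__":
    print(demo_attack(), demo_legitimate())
```

The weak handler mints a token for any user whose approval record exists once the public client ID is supplied, which is the shape of outcome the advisory describes. The hardened handler fails the same request at the client-secret check, and a legitimate client that completes the exchange cannot reuse the code.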


How to mitigate CVE-2023-39531

Install the security update from the vendor. The issue is fixed in Sentry 23.7.2; self-hosted installations should upgrade to that version or later.
