CVE-2023-36829 - OpenCVE

Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request header ends with the `system.base-hostname` option of Sentry installation. This only affects installations that have `system.base-hostname` option explicitly set, as it is empty by default. Impact is limited since recent versions of major browsers have cross-site cookie blocking enabled by default. However, this flaw could allow other multi-step attacks. The patch has been released in Sentry 23.6.2.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Functional	Sentry
Sentry	Sentry

Configuration 1 [-]

cpe:2.3:a:functional:sentry:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/getsentry/self-hosted/releases/tag/23.6.2
https://github.com/getsentry/sentry/commit/ee44c6be35e5e464bc40637580f39867898acd8b
https://github.com/getsentry/sentry/pull/52276
https://github.com/getsentry/sentry/security/advisories/GHSA-4xqm-4p72-87h6

History

Wed, 06 Nov 2024 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Sentry Sentry sentry
CPEs		cpe:2.3:a:sentry:sentry::::::::
Vendors & Products		Sentry Sentry sentry
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-07-06T22:08:58.922Z

Updated: 2024-11-06T16:44:37.019Z

Reserved: 2023-06-27T15:43:18.388Z

Link: CVE-2023-36829

Vulnrichment

Updated: 2024-08-02T17:01:09.196Z

NVD

Status : Analyzed

Published: 2023-07-06T23:15:09.620

Modified: 2023-07-17T18:56:00.163

Link: CVE-2023-36829

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-36829", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-06-27T15:43:18.388Z", "datePublished": "2023-07-06T22:08:58.922Z", "dateUpdated": "2024-11-06T16:44:37.019Z"}, "containers": {"cna": {"title": "Sentry CORS misconfiguration vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-942", "lang": "en", "description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-863", "lang": "en", "description": "CWE-863: Incorrect Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/getsentry/sentry/security/advisories/GHSA-4xqm-4p72-87h6", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/getsentry/sentry/security/advisories/GHSA-4xqm-4p72-87h6"}, {"name": "https://github.com/getsentry/sentry/pull/52276", "tags": ["x_refsource_MISC"], "url": "https://github.com/getsentry/sentry/pull/52276"}, {"name": "https://github.com/getsentry/sentry/commit/ee44c6be35e5e464bc40637580f39867898acd8b", "tags": ["x_refsource_MISC"], "url": "https://github.com/getsentry/sentry/commit/ee44c6be35e5e464bc40637580f39867898acd8b"}, {"name": "https://github.com/getsentry/self-hosted/releases/tag/23.6.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/getsentry/self-hosted/releases/tag/23.6.2"}], "affected": [{"vendor": "getsentry", "product": "sentry", "versions": [{"version": ">= 23.6.0, < 23.6.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-07-06T22:08:58.922Z"}, "descriptions": [{"lang": "en", "value": "Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request header ends with the `system.base-hostname` option of Sentry installation. This only affects installations that have `system.base-hostname` option explicitly set, as it is empty by default. Impact is limited since recent versions of major browsers have cross-site cookie blocking enabled by default. However, this flaw could allow other multi-step attacks. The patch has been released in Sentry 23.6.2."}], "source": {"advisory": "GHSA-4xqm-4p72-87h6", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:01:09.196Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/getsentry/sentry/security/advisories/GHSA-4xqm-4p72-87h6", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/getsentry/sentry/security/advisories/GHSA-4xqm-4p72-87h6"}, {"name": "https://github.com/getsentry/sentry/pull/52276", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/getsentry/sentry/pull/52276"}, {"name": "https://github.com/getsentry/sentry/commit/ee44c6be35e5e464bc40637580f39867898acd8b", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/getsentry/sentry/commit/ee44c6be35e5e464bc40637580f39867898acd8b"}, {"name": "https://github.com/getsentry/self-hosted/releases/tag/23.6.2", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/getsentry/self-hosted/releases/tag/23.6.2"}]}, {"affected": [{"vendor": "sentry", "product": "sentry", "cpes": ["cpe:2.3:a:sentry:sentry:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "23.6.0", "status": "affected", "lessThan": "23.6.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-06T16:41:56.650447Z", "id": "CVE-2023-36829", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-06T16:44:37.019Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-36829", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-06-27T15:43:18.388Z", "datePublished": "2023-07-06T22:08:58.922Z", "dateUpdated": "2024-11-06T16:44:37.019Z"}, "containers": {"cna": {"title": "Sentry CORS misconfiguration vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-942", "lang": "en", "description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-863", "lang": "en", "description": "CWE-863: Incorrect Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/getsentry/sentry/security/advisories/GHSA-4xqm-4p72-87h6", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/getsentry/sentry/security/advisories/GHSA-4xqm-4p72-87h6"}, {"name": "https://github.com/getsentry/sentry/pull/52276", "tags": ["x_refsource_MISC"], "url": "https://github.com/getsentry/sentry/pull/52276"}, {"name": "https://github.com/getsentry/sentry/commit/ee44c6be35e5e464bc40637580f39867898acd8b", "tags": ["x_refsource_MISC"], "url": "https://github.com/getsentry/sentry/commit/ee44c6be35e5e464bc40637580f39867898acd8b"}, {"name": "https://github.com/getsentry/self-hosted/releases/tag/23.6.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/getsentry/self-hosted/releases/tag/23.6.2"}], "affected": [{"vendor": "getsentry", "product": "sentry", "versions": [{"version": ">= 23.6.0, < 23.6.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-07-06T22:08:58.922Z"}, "descriptions": [{"lang": "en", "value": "Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request header ends with the `system.base-hostname` option of Sentry installation. This only affects installations that have `system.base-hostname` option explicitly set, as it is empty by default. Impact is limited since recent versions of major browsers have cross-site cookie blocking enabled by default. However, this flaw could allow other multi-step attacks. The patch has been released in Sentry 23.6.2."}], "source": {"advisory": "GHSA-4xqm-4p72-87h6", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:01:09.196Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/getsentry/sentry/security/advisories/GHSA-4xqm-4p72-87h6", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/getsentry/sentry/security/advisories/GHSA-4xqm-4p72-87h6"}, {"name": "https://github.com/getsentry/sentry/pull/52276", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/getsentry/sentry/pull/52276"}, {"name": "https://github.com/getsentry/sentry/commit/ee44c6be35e5e464bc40637580f39867898acd8b", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/getsentry/sentry/commit/ee44c6be35e5e464bc40637580f39867898acd8b"}, {"name": "https://github.com/getsentry/self-hosted/releases/tag/23.6.2", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/getsentry/self-hosted/releases/tag/23.6.2"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-36829", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-06T16:41:56.650447Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:sentry:sentry:*:*:*:*:*:*:*:*"], "vendor": "sentry", "product": "sentry", "versions": [{"status": "affected", "version": "23.6.0", "lessThan": "23.6.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-06T16:42:48.770Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:functional:sentry:*:*:*:*:*:*:*:*", "matchCriteriaId": "D219E572-0813-4204-842D-B1CD57BBB397", "versionEndExcluding": "23.6.2", "versionStartIncluding": "23.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request header ends with the `system.base-hostname` option of Sentry installation. This only affects installations that have `system.base-hostname` option explicitly set, as it is empty by default. Impact is limited since recent versions of major browsers have cross-site cookie blocking enabled by default. However, this flaw could allow other multi-step attacks. The patch has been released in Sentry 23.6.2."}], "id": "CVE-2023-36829", "lastModified": "2023-07-17T18:56:00.163", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-07-06T23:15:09.620", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/getsentry/self-hosted/releases/tag/23.6.2"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/getsentry/sentry/commit/ee44c6be35e5e464bc40637580f39867898acd8b"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/getsentry/sentry/pull/52276"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/getsentry/sentry/security/advisories/GHSA-4xqm-4p72-87h6"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-697"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}, {"lang": "en", "value": "CWE-942"}], "source": "security-advisories@github.com", "type": "Secondary"}]}