CVE-2024-45605

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability.

Published: Sep 17, 2024
Updated: May 4, 2025
CVE: CVE-2024-45605
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWEs:

CWE-639

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
sentry / sentry	23.9.0	24.9.0

https://github.com/getsentry/self-hosted
https://github.com/getsentry/sentry/pull/77093
https://github.com/getsentry/sentry/security/advisories/GHSA-54m3-95j9-v89j

Vulnerability Database

289,784

CVE-2024-45605