Auth bypass in Getsentry Sentry
CVE-2023-36829
Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request he…
EPSS: 0.002 (40.3rd percentile).
CVSS v3 metric
CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N.
Affected products
- Getsentry Sentry — versions >= 23.6.0, < 23.6.2
Weakness classification (CWE)
- CWE-942: Permissive Cross-domain Policy with Untrusted Domains
References
- https://github.com/getsentry/sentry/security/advisories/GHSA-4xqm-4p72-87h6 (x_refsource_CONFIRM)
- https://github.com/getsentry/sentry/pull/52276 (x_refsource_MISC)
- https://github.com/getsentry/sentry/commit/ee44c6be35e5e464bc40637580f39867898acd8b (x_refsource_MISC)
- https://github.com/getsentry/self-hosted/releases/tag/23.6.2 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2023-36829?
- CVE-2023-36829 is a medium-severity vulnerability in Getsentry Sentry, classified under Permissive Cross-domain Policy with Untrusted Domains. CVSS score: 6.8/10. Published 2023-07-06.
- How severe is CVE-2023-36829?
- Medium severity. CVSS v3 base score is 6.8 out of 10.
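The hazard the description above names is a credentialed CORS grant (`access-control-allow-credentials: true`) handed to an origin the service does not trust. The exact `Origin` condition is truncated on this page, so the following added example (not code from Sentry or the advisory) shows the generic defender-side check: classify captured API response headers and flag any credentialed grant to an origin outside an operator-defined allowlist. `TRUSTED_ORIGINS` and the sample responses are constructed assumptions.

```python
from typing import Mapping, Optional

# Constructed allowlist standing in for the origins an operator actually trusts
# (for Sentry this would be the configured base hostname).
TRUSTED_ORIGINS = {"https://sentry.example.test"}


def cors_risk(request_origin: Optional[str], headers: Mapping[str, str]) -> str:
    """Classify one response as 'ok', 'unsafe-credentialed' or 'overbroad'.

    'unsafe-credentialed': allow-credentials is true and the allowed origin is
    the (untrusted) requesting origin, so a browser will attach the victim's
    cookies to cross-site reads of the API.  'overbroad': an origin outside the
    allowlist (or a wildcard) is granted without credentials; browsers refuse
    credentials for '*', so that case is less severe but still worth fixing.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao is None:
        return "ok"  # no cross-origin grant at all
    if acao in TRUSTED_ORIGINS:
        return "ok"
    if acao != "*" and creds and acao == request_origin:
        return "unsafe-credentialed"
    return "overbroad"


# Constructed samples: (request Origin, response headers) as a proxy or test
# harness might record them while checking a deployment.
SAMPLES = [
    ("https://sentry.example.test",
     {"Access-Control-Allow-Origin": "https://sentry.example.test",
      "Access-Control-Allow-Credentials": "true"}),
    ("https://evil.example.test",
     {"Access-Control-Allow-Origin": "https://evil.example.test",
      "Access-Control-Allow-Credentials": "true"}),
    ("https://other.example.test", {"Access-Control-Allow-Origin": "*"}),
]


def audit(samples=SAMPLES) -> dict:
    """Return {origin: classification} for every non-'ok' sample."""
    findings = {}
    for origin, headers in samples:
        verdict = cors_risk(origin, headers)
        if verdict != "ok":
            findings[origin] = verdict
    return findings


if __name__ == "__main__":
    for origin, verdict in audit().items():
        print(f"{verdict:20} {origin}")
```

A patched deployment should only ever produce `ok` for its own configured hostname; any `unsafe-credentialed` finding means the API is reflecting arbitrary origins with credentials enabled.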