What is CVE-2024-41656?

CVE-2024-41656 is a high-severity vulnerability in Getsentry Sentry, classified under Cross-site Scripting. CVSS score: 7.1/10. Published 2024-07-23.

How severe is CVE-2024-41656?

High severity. CVSS v3 base score is 7.1 out of 10.

XSS in Getsentry Sentry

CVE-2024-41656

Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 24.7.1, an unsanitized payload sent by an Integration platform integration allows storing arbitrary HTML tags on the Sentry si…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.042 (88.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H.

Affected products

Getsentry Sentry — versions >= 10.0.0, < 24.7.1

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

https://github.com/getsentry/sentry/security/advisories/GHSA-fm88-hc3v-3www (x_refsource_CONFIRM)
https://github.com/getsentry/sentry/pull/74648 (x_refsource_MISC)
https://github.com/getsentry/sentry/commit/5c679521f1539eabfb81287bfc30f34dbecd373e (x_refsource_MISC)
https://github.com/getsentry/self-hosted/releases/tag/24.7.1 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-41656?: CVE-2024-41656 is a high-severity vulnerability in Getsentry Sentry, classified under Cross-site Scripting. CVSS score: 7.1/10. Published 2024-07-23.
How severe is CVE-2024-41656?: High severity. CVSS v3 base score is 7.1 out of 10.