Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS02Y2ptLTRweHctN3hwOc4AA7Lx

Sentry vulnerable to leaking superuser cleartext password in logs

Impact

When authenticating as a superuser to a self-hosted Sentry instance with a username and password, the password is leaked as cleartext in logs under the event: auth-index.validate_superuser. An attacker with access to the log data could use these leaked credentials to login to the Sentry system as superuser.

Patches

Workarounds

Users can configure the logging level to exclude logs of the INFO level and only generate logs for levels at WARNING or higher. For details on configuring self-hosted Sentry's logging level see our documentation at: https://develop.sentry.dev/config/#logging

References

Permalink: https://github.com/advisories/GHSA-6cjm-4pxw-7xp9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02Y2ptLTRweHctN3hwOc4AA7Lx
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 1 month ago
Updated: about 1 month ago


CVSS Score: 7.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Identifiers: GHSA-6cjm-4pxw-7xp9, CVE-2024-32474
References: Repository: https://github.com/getsentry/sentry
Blast Radius: 16.9

Affected Packages

pypi:sentry
Dependent packages: 19
Dependent repositories: 209
Downloads: 3,664 last month
Affected Version Ranges: >= 24.3.0, < 24.4.1
Fixed in: 24.4.1
All affected versions:
All unaffected versions: 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.8.0, 2.8.1, 2.8.2, 2.9.0, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.2.0, 3.3.0, 3.3.1, 3.3.2, 3.4.0, 3.4.1, 3.4.2, 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.5.5, 3.5.6, 3.5.7, 3.5.8, 3.5.9, 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.8.0, 3.8.1, 3.8.2, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.11, 4.0.12, 4.0.13, 4.0.14, 4.0.15, 4.0.16, 4.0.17, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.2.0, 4.2.1, 4.2.2, 4.2.4, 4.2.5, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5, 4.5.6, 4.5.7, 4.6.0, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 4.7.7, 4.7.8, 4.7.9, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 4.8.5, 4.8.6, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.9.7, 4.9.8, 4.10.0, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18, 5.0.19, 5.0.20, 5.0.21, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.4.6, 5.4.7, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.1.0, 6.1.1, 6.1.2, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 7.0.0, 7.0.1, 7.0.2, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.2.0, 7.3.0, 7.3.1, 7.3.2, 7.4.0, 7.4.1, 7.4.3, 7.5.0, 7.5.1, 7.5.2, 7.5.3, 7.5.4, 7.5.6, 7.6.0, 7.6.2, 7.7.0, 7.7.1, 7.7.4, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.4.0, 8.4.1, 8.5.0, 8.5.1, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0, 8.14.1, 8.15.0, 8.16.0, 8.16.1, 8.17.0, 8.18.0, 8.19.0, 8.20.0, 8.21.0, 8.22.0, 9.0.0, 9.1.0, 9.1.1, 9.1.2, 10.0.0, 10.0.1, 20.6.0, 20.7.0, 20.7.1, 20.7.2, 20.8.0, 20.10.1, 20.11.0, 20.11.1, 20.12.0, 20.12.1, 21.1.0, 21.2.0, 21.3.0, 21.3.1, 21.4.0, 21.4.1, 21.5.0, 21.5.1, 21.6.0, 21.6.1, 21.6.2, 21.6.3, 21.7.0, 21.8.0, 21.9.0, 21.10.0, 21.11.0, 21.12.0, 22.1.0, 22.2.0, 22.3.0, 22.4.0, 22.5.0, 22.6.0, 22.7.0, 22.8.0, 22.9.0, 22.10.0, 22.11.0, 22.12.0, 23.1.0, 23.1.1, 23.2.0, 23.3.0, 23.3.1, 23.4.0, 23.5.0, 23.5.1, 23.5.2, 23.6.0, 23.6.1, 23.6.2, 23.7.0, 23.7.1