CVE-2024-45605
Improper authorization on deletion of user issue alert notifications in sentrySentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability.
We have discovered 15 live websites that are affected by CVE-2024-45605.
Affected Software
| Product |  Sentry Server |
| Category | Error and Exception Monitoring |
| Vulnerable Domains | 15 live websites (31% of Sentry Server install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 4 versions ( 25% of all versions) |
Common Weakness Enumeration
CWE-639 Authorization Bypass Through User-Controlled KeyDetails
- Published - Sep 17, 2024
- Updated - Sep 18, 2024
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-45605 United States | 3 websites |
 Germany | 6 websites |
 Italy | 2 websites |
 Russia | 2 websites |
 Switzerland | 1 websites |
 GB | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2024-45605| .com | 3 websites |
| .it | 3 websites |
| .co | 1 websites |
| .de | 1 websites |
| .eu | 1 websites |
| .io | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-45605
Top websites that are affected by CVE-2024-45605. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.********.eu | Switzerland | ***,*** | |
| ******.******.com | United States | *,***,*** | |
| ******.****.*.io | GB | *,***,*** | |
| ******.****.biz | Russia | **,***,*** | |
| *******.*******.no | Germany | **,***,*** | |
| *******.******************.com | Germany | **,***,*** | |
| *********.*************.de | Germany | **,***,*** | |
| ***.co | Germany | **,***,*** | |
| ******.*****.no | United States | **,***,*** | |
| **********.************.it | Germany | **,***,*** |
FAQ
CVE-2024-45605 is Authorization Bypass Through User-Controlled Key in Sentry Server
A total of 15 websites have been identified as vulnerable to CVE-2024-45605, based on global website indexing conducted by WebTechSurvey.
The Sentry Server is affected by the CVE-2024-45605 vulnerability.
Sentry Server versions up to 24.9 are vulnerable to CVE-2024-45605.
CVE-2024-45605 is resolved in version 24.9 of Sentry Server.