SCA: security update for sentry (GHSA-v345-w9f2-mpm5)

Severity: High. Tenable Cloud Security Plugin ID 419026

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can
mute alert rules from arbitrary organizations and projects with a known rule ID. The user does not need to
be a member of the organization or have permissions on the project. In our review, we have identified no
instances where alerts have been muted by unauthorized parties. A patch was issued to ensure authorization
checks are properly scoped on requests to mute alert rules. Authenticated users who do not have the
necessary permissions are no longer able to mute alerts. Sentry SaaS users do not need to take any action.
Self-Hosted Sentry users should upgrade to version **24.9.0** or higher. The rule mute feature was
generally available as of 23.6.0 but users with early access may have had the feature as of 23.4.0.
Affected users are advised to upgrade to version 24.9.0. There are no known workarounds for this
vulnerability. (CVE-2024-45606)

See Also

https://github.com/advisories/GHSA-v345-w9f2-mpm5

Plugin Details

Severity: High

ID: 419026

Version: Revision 1.5

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 6/30/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 1.4

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS Score Source: CVE-2024-45606

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 7.1

Threat Score: 5

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 9/17/2024

Vulnerability Publication Date: 9/17/2024

Reference Information

CVE: CVE-2024-45606

CWE: CWE-639