CVE-2023-39531

Name of the Vulnerable Software and Affected Versions Sentry versions 10.0.0 through 23.7.2

Description The issue allows an attacker with sufficient client-side exploits to retrieve a valid access token for another user during the OAuth token exchange due to incorrect credential validation. The client ID must be known and the API application must have already been authorized on the targeted user account. Users should review applications authorized on their account and remove any that are no longer needed.

Recommendations Self-hosted installations should upgrade to version 23.7.2 or higher. Sentry SaaS customers do not need to take any action. As a temporary workaround, consider reviewing applications authorized on your account and remove any that are no longer needed.