Ltidi2000

**Name of the Vulnerable Software and Affected Versions** Sentry versions 22.1.0 through 23.7.2 **Description** Sentry is an error tracking and performance monitoring platform. An attacker with access to a token with few or no scopes can query "/api/0/api-tokens/" for a list of all tokens created by a user, including tokens with greater scopes, and use those tokens in other requests. There is no evidence that the issue was exploited on sentry.io. **Recommendations** For self-hosted users, it is advised to rotate user auth tokens. A fix is available in version 23.7.2 of sentry and self-hosted. As a temporary workaround, consider restricting access to the `/api/0/api-tokens/` endpoint until a patch is applied.