PT-2022-16019 · Sentry · Sentry

Mdtrop · Published 2022-12-10 · Updated 2022-12-13 · CVE-2022-23485

CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Sentry versions prior to 22.11.0
Description: Sentry is an error tracking and performance monitoring platform. An attacker with a known valid invite link could manipulate a cookie so that the same invite link is accepted again for additional accounts when joining an organization. As a result, an attacker holding one valid invite link can create multiple users and join an organization they may not have been originally invited to.
Recommendations: For versions prior to 22.11.0, update to version 22.11.0 or later to resolve the issue. For self-hosted Sentry installs that cannot upgrade, disable the invite functionality by editing the sentry.conf.py file and setting SENTRY_FEATURES["organizations:invite-members"] to False, then restart the Sentry web service.
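The root cause described above is that the "already used" state of an invite lived in a client-controlled cookie. The following is an added illustration, not Sentry's own code: a constructed single-use invite handler written the vulnerable way (trusting the cookie) next to a hardened version that keeps the consumed flag server-side and flips it atomically. The invite store, token, and create_member callback are all assumed for the example.

```python
# Added illustration (not Sentry's code): single-use invite acceptance shown
# two ways. The vulnerable handler trusts a client-controlled cookie to decide
# whether an invite has already been used; the hardened one keeps the
# "consumed" state on the server and marks it under a lock.
import threading

# Constructed in-memory invite store: token -> invite record (assumed shape).
INVITES = {
    "inv_abc123": {"org": "acme", "email": "new.user@example.com", "used": False},
}
_lock = threading.Lock()


def accept_invite_vulnerable(token, cookies, create_member):
    """Cookie-trusting acceptance. A client that drops or rewrites the
    'invite_used' cookie gets the same link accepted again."""
    invite = INVITES.get(token)
    if invite is None:
        return None
    if cookies.get("invite_used") == token:   # check depends on client state
        return None
    member = create_member(invite["org"], invite["email"])
    cookies["invite_used"] = token            # "remembered" only in the browser
    return member


def accept_invite_hardened(token, create_member):
    """Server-side single use: the invite record is the source of truth and
    is marked used before any member is created, so a second acceptance
    (or a concurrent one) is rejected regardless of cookies."""
    with _lock:
        invite = INVITES.get(token)
        if invite is None or invite["used"]:
            return None
        invite["used"] = True
    return create_member(invite["org"], invite["email"])


def demo():
    """Present the same invite link twice from a client with a fresh cookie
    jar each time; return (members created by vulnerable handler,
    members created by hardened handler)."""
    INVITES["inv_abc123"]["used"] = False     # reset so demo is repeatable
    created = []

    def create_member(org, email):
        created.append((org, email))
        return (org, email)

    accept_invite_vulnerable("inv_abc123", {}, create_member)
    accept_invite_vulnerable("inv_abc123", {}, create_member)
    vulnerable_count = len(created)           # 2: link reused
    created.clear()
    accept_invite_hardened("inv_abc123", create_member)
    accept_invite_hardened("inv_abc123", create_member)
    return vulnerable_count, len(created)     # (2, 1)
```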

Weakness Enumeration

Improper Access Control
Improper Privilege Management

Related Identifiers

CVE-2022-23485
GHSA-JV85-MQXJ-3F9J
PYSEC-2022-43011

Affected Products

Sentry