PT-2024-20595 · Sentry · Sentry

Oioki · Published 2024-02-08 · Updated 2024-02-16 · CVE-2024-24829

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Sentry versions <=24.1.1

Description: Sentry is an error tracking and performance monitoring platform with an integration platform for external services. The Phabricator integration contains a constrained SSRF vulnerability, allowing an attacker to make Sentry send POST HTTP requests to arbitrary URLs, including internal IP addresses, by providing unsanitized input. The body payload is constrained to a specific format. This enables an attacker with access to a Sentry instance to interact with the internal network and scan local/remote ports.

Recommendations: For Sentry versions <=24.1.1, upgrade to Sentry self-hosted release 24.1.2 to resolve the issue. As a temporary workaround, consider restricting access to the Phabricator integration until the upgrade is applied.
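The defensive control for this class of bug is to validate the integration's destination before the server issues any outbound POST: allow only http/https, only the expected ports, and only hosts whose every resolved address is globally routable. The following is an added example of such a check, not Sentry's code nor the actual 24.1.2 fix; the Phabricator host URL, the allowed ports and the DNS answers in FAKE_DNS are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlparse
# Added example (not Sentry's code): vet an outbound integration URL before any server-side POST.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}          # assumption: the integration only ever talks to these

def is_public_address(ip: str) -> bool:
    """True only for globally routable unicast; loopback, RFC 1918, link-local, TEST-NETs and multicast fail."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped          # judge ::ffff:10.0.0.1 by its embedded IPv4 address
    return addr.is_global and not addr.is_multicast

def resolve_all(hostname: str) -> list[str]:
    """Every A/AAAA record for the name; a single internal record anywhere is enough to reject."""
    try:
        infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def validate_integration_url(url: str, resolver=resolve_all) -> tuple[bool, str]:
    """Return (ok, reason). `resolver` is injectable so the check can run offline in tests."""
    try:
        parts = urlparse(url)
        port = parts.port or (443 if parts.scheme.lower() == "https" else 80)
    except ValueError as exc:                 # e.g. a non-numeric port such as ':abc'
        return False, f"unparseable URL: {exc}"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    if not parts.hostname:
        return False, "missing host"
    if port not in ALLOWED_PORTS:
        return False, f"port not allowed: {port}"
    try:                                      # literal IPs (including bracketed IPv6) are checked directly
        ips = [str(ipaddress.ip_address(parts.hostname))]
    except ValueError:
        ips = resolver(parts.hostname)        # host names go through DNS
    if not ips:
        return False, "host does not resolve"
    bad = [ip for ip in ips if not is_public_address(ip)]
    if bad:
        return False, f"resolves to non-public address(es): {bad}"
    return True, "ok"

# Constructed DNS answers so the example runs without network access (sample values, not real records).
FAKE_DNS = {"phab.example.com": ["93.184.216.34"], "split.example.com": ["93.184.216.34", "10.0.0.5"]}
def fake_resolver(host: str) -> list[str]: return FAKE_DNS.get(host, [])
```

Because the lookup here and the one the HTTP client performs at connect time are separate, production code should pin the validated address when opening the connection (or re-check on redirects) rather than trust the name alone.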

Exploit · Fix · SSRF

Weakness Enumeration

Related Identifiers

CVE-2024-24829
GHSA-RQXH-FP9P-P98R

Affected Products

Sentry