PT-2024-31705 · Sentry · Sentry

Emanuelbeni
Published: 2024-09-17
Updated: 2024-09-26
CVE-2024-45606
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Sentry versions prior to 24.9.0
Description: Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a known rule ID, without needing to be a member of the organization or having permissions on the project. A patch was issued to ensure authorization checks are properly scoped on requests to mute alert rules, preventing authenticated users without necessary permissions from muting alerts. There have been no identified instances of alerts being muted by unauthorized parties.
Recommendations: For Self-Hosted Sentry users, upgrade to version 24.9.0 or higher to ensure authorization checks are properly scoped. Sentry SaaS users do not need to take any action. As a temporary workaround, consider restricting access to the alert rule mute feature until the patch is applied. There are no known workarounds for this issue.
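The description above names the root cause, an authorization check that was not scoped to the organization and project owning the alert rule, so any authenticated user with a rule ID could mute it. The following Python is an added illustration of that vulnerability class and its fix, written for this page; it is not Sentry's code and does not reproduce Sentry's data model. `AlertRule`, `User`, `RuleStore` and both `mute_rule_*` functions are hypothetical: the first looks the rule up by ID alone, the second resolves it inside the organization/project named in the request and requires the caller to be a member of both.

```python
"""Added example (not Sentry's code): an unscoped "mute alert rule" action
beside a version whose authorization check is scoped to the owning
organization and project. All names and data here are hypothetical."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Set


class NotAuthorized(Exception):
    """Raised when the caller may not act on the requested rule."""


@dataclass(frozen=True)
class AlertRule:
    rule_id: int
    organization_id: int
    project_id: int


@dataclass(frozen=True)
class User:
    user_id: int
    # Memberships the user actually holds (hypothetical model).
    organization_ids: FrozenSet[int]
    project_ids: FrozenSet[int]


@dataclass
class RuleStore:
    rules: Dict[int, AlertRule] = field(default_factory=dict)
    muted: Set[int] = field(default_factory=set)


def mute_rule_unscoped(store: RuleStore, user: User, rule_id: int) -> bool:
    """Vulnerable pattern: the only checks are "logged in" and "rule exists".

    Any authenticated user who knows or guesses a rule ID can mute it,
    which is the insecure-direct-object-reference class the advisory describes.
    """
    if user is None:
        raise NotAuthorized("login required")
    if rule_id not in store.rules:
        raise KeyError(rule_id)
    store.muted.add(rule_id)
    return True


def mute_rule_scoped(store: RuleStore, user: User, organization_id: int,
                     project_id: int, rule_id: int) -> bool:
    """Hardened pattern: resolve the rule inside the organization/project
    named in the request and require membership of both before acting."""
    if user is None:
        raise NotAuthorized("login required")
    rule = store.rules.get(rule_id)
    # Treat "no such rule", "rule belongs elsewhere" and "not a member"
    # identically so the response does not reveal which one applied.
    if (
        rule is None
        or rule.organization_id != organization_id
        or rule.project_id != project_id
        or organization_id not in user.organization_ids
        or project_id not in user.project_ids
    ):
        raise NotAuthorized("not permitted to mute this rule")
    store.muted.add(rule_id)
    return True


def build_demo_store() -> RuleStore:
    """Constructed sample data: two rules in two different organizations."""
    store = RuleStore()
    store.rules[1001] = AlertRule(rule_id=1001, organization_id=1, project_id=10)
    store.rules[2002] = AlertRule(rule_id=2002, organization_id=2, project_id=20)
    return store


def demo() -> Dict[str, bool]:
    """Run both variants against an outsider and a member; True means muted."""
    store = build_demo_store()
    outsider = User(user_id=7, organization_ids=frozenset({2}),
                    project_ids=frozenset({20}))
    member = User(user_id=8, organization_ids=frozenset({1}),
                  project_ids=frozenset({10}))
    results: Dict[str, bool] = {}
    # Outsider belongs to org 2 only, yet the unscoped check lets it mute rule 1001.
    results["unscoped_outsider"] = mute_rule_unscoped(store, outsider, 1001)
    try:
        mute_rule_scoped(store, outsider, 1, 10, 1001)
        results["scoped_outsider"] = True
    except NotAuthorized:
        results["scoped_outsider"] = False
    # A genuine member of org 1 / project 10 is still allowed through.
    results["scoped_member"] = mute_rule_scoped(store, member, 1, 10, 1001)
    return results


if __name__ == "__main__":
    print(demo())
```

The scoped variant takes the organization and project from the request path rather than trusting the rule's own record, and it returns one generic denial for every failure branch; on a real system the same denial should also be logged with the caller, rule ID and requested scope, since repeated denials across many rule IDs from one account are the signal a defender would want to alert on.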

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2024-45606
GHSA-V345-W9F2-MPM5

Affected Products

Sentry