CVE-2023-36826
📋 TL;DR
This vulnerability allows authenticated Sentry users to download debug or artifact bundles from any organization or project without proper authorization, even if they are not members. It affects self-hosted Sentry installations running versions 8.21.0 through 23.5.1. Sentry SaaS users are not affected.
💻 Affected Systems
- Sentry (self-hosted)
📦 What is this software?
Sentry by Sentry
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker could exfiltrate sensitive debugging information, source code artifacts, or proprietary data from any organization's projects, potentially leading to intellectual property theft or further attack surface discovery.
Likely Case
Unauthorized access to debugging information and artifacts from projects where the user lacks proper permissions, potentially exposing internal system details or proprietary code.
If Mitigated
With proper authorization checks, only users with appropriate project permissions can access debug or artifact bundles, limiting exposure to authorized personnel only.
🎯 Exploit Status
Exploitation requires authenticated access and knowledge of bundle IDs, but the authorization bypass is straightforward once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 23.5.2
Vendor Advisory: https://github.com/getsentry/sentry/security/advisories/GHSA-m4hc-m2v6-hfw8
Restart Required: Yes
Instructions:
1. Back up your Sentry installation and database.
2. Update Sentry to version 23.5.2 or higher using your deployment method (Docker, Kubernetes, etc.).
3. Restart all Sentry services.
4. Verify the update completed successfully.
🔧 Temporary Workarounds
Restrict access to bundle endpoints
Implement network-level restrictions or web application firewall rules to limit access to debug/artifact bundle endpoints to authorized users only.
🧯 If You Can't Patch
- Implement strict access controls and monitoring for bundle download endpoints.
- Isolate Sentry instance from untrusted networks and limit user access to only necessary personnel.
🔍 How to Verify
Check if Vulnerable:
Check the version of your self-hosted Sentry installation. If it is 8.21.0 through 23.5.1, the instance is vulnerable.
Check Version:
Run sentry --version, or check the admin panel in the Sentry web interface.
Verify Fix Applied:
After upgrading, verify the version is 23.5.2 or higher and test that unauthorized users cannot download bundles from projects they don't have access to.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to /api/0/projects/{org}/{project}/files/dsyms/ or similar bundle endpoints
- Bundle downloads by users not associated with the organization/project
Network Indicators:
- Unusual patterns of bundle downloads spanning multiple organizations by a single user
SIEM Query:
source="sentry" AND (url_path="/api/0/projects/*/files/dsyms/*" OR url_path="/api/0/projects/*/artifacts/*") AND user NOT IN authorized_users
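The version-range check from the verification section and the log indicators above, as an added example that is not part of the advisory or of Sentry's own code. The access-log line format, usernames and organization slugs are constructed; the path pattern follows the endpoints named above.

```python
"""Added example for CVE-2023-36826: version-range check plus detection of
bundle downloads by users who are not members of the target organization."""
import re
from typing import Dict, List, Set, Tuple

# Vulnerable self-hosted range stated in the advisory: 8.21.0 through 23.5.1.
VULN_LOW = (8, 21, 0)
FIXED = (23, 5, 2)


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '23.5.1' into (23, 5, 1); a trailing suffix such as '.dev0' is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", v.strip())
    if not m:
        raise ValueError(f"unrecognised Sentry version: {v!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable_version(v: str) -> bool:
    """True when 8.21.0 <= version < 23.5.2, i.e. 8.21.0 through 23.5.1."""
    return VULN_LOW <= parse_version(v) < FIXED


# Bundle endpoints from the advisory's log indicators (dsyms and artifacts).
BUNDLE_PATH = re.compile(r"^/api/0/projects/(?P<org>[^/]+)/[^/]+/(files/dsyms|artifacts)/")
# Constructed access-log format: "<user> <method> <path> <status>".
LOG_LINE = re.compile(r"^(?P<user>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3})$")


def find_cross_org_bundle_access(log_lines: List[str], org_members: Dict[str, Set[str]]) -> List[Tuple[str, str, str]]:
    """Return (user, org, path) for successful (HTTP 200) bundle downloads by non-members of that org."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        p = BUNDLE_PATH.match(m["path"]) if m else None
        if not p or m["status"] != "200":
            continue  # not a bundle endpoint, or the request was denied anyway
        if m["user"] not in org_members.get(p["org"], set()):
            hits.append((m["user"], p["org"], m["path"]))
    return hits


# Constructed sample data: org membership map and a few access-log lines.
SAMPLE_MEMBERS = {"acme": {"alice"}, "globex": {"bob"}}
SAMPLE_LOG = [
    "alice GET /api/0/projects/acme/web/files/dsyms/ 200",   # member, fine
    "bob GET /api/0/projects/acme/web/files/dsyms/ 200",     # non-member, flagged
    "bob GET /api/0/projects/globex/api/artifacts/ 200",     # member, fine
    "alice GET /api/0/projects/globex/api/files/dsyms/ 403",  # denied, not flagged
    "carol GET /api/0/organizations/acme/ 200",              # not a bundle endpoint
]

if __name__ == "__main__":
    print("23.5.1 vulnerable:", is_vulnerable_version("23.5.1"), "| 23.5.2:", is_vulnerable_version("23.5.2"))
    for hit in find_cross_org_bundle_access(SAMPLE_LOG, SAMPLE_MEMBERS):
        print("cross-org bundle download:", hit)
```

Flagged hits are candidates for review, not proof of compromise: a 200 for a non-member on a patched instance should not occur, so on the vulnerable range each hit is worth correlating with the user's session history.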
🔗 References
- https://github.com/getsentry/sentry/commit/e932b15435bf36239431eaa3790a6bcfa47046a9
- https://github.com/getsentry/sentry/pull/49680
- https://github.com/getsentry/sentry/security/advisories/GHSA-m4hc-m2v6-hfw8