CVE-2024-45605

6.5 MEDIUM

📋 TL;DR

This vulnerability allows authenticated users in self-hosted Sentry deployments to delete issue alert notifications belonging to other users if they know the alert ID. It affects self-hosted Sentry instances running versions before 24.9.0, while Sentry SaaS users are not impacted.

💻 Affected Systems

Products:
  • Sentry (self-hosted)
Versions: before 24.9.0
Operating Systems: All operating systems running Sentry
Default Config Vulnerable: ⚠️ Yes
Notes: Sentry SaaS (cloud) users are not affected. Only self-hosted deployments require action.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Malicious authenticated users could delete critical alert notifications for other users, potentially causing security or operational incidents to go unnoticed.

🟠

Likely Case

Horizontal privilege escalation: users interfere with other users' alert configurations, disrupting monitoring workflows.

🟢

If Mitigated

With proper authorization checks, users can only delete their own alert notifications as intended.

🌐 Internet-Facing: MEDIUM - If self-hosted Sentry is internet-accessible, authenticated users could exploit this remotely.
🏢 Internal Only: MEDIUM - Internal authenticated users could still exploit this vulnerability within the organization.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Requires authenticated access and knowledge of alert IDs

Exploitation requires authenticated user access and knowledge of target alert IDs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 24.9.0 or higher

Vendor Advisory: https://github.com/getsentry/sentry/security/advisories/GHSA-54m3-95j9-v89j

Restart Required: Yes

Instructions:

1. Back up your Sentry instance.
2. Upgrade to Sentry version 24.9.0 or higher using your deployment method (Docker, Kubernetes, etc.).
3. Restart the Sentry services.
4. Verify the upgrade completed successfully.

🔧 Temporary Workarounds

No workarounds available

The vendor states there are no known workarounds for this vulnerability.

🧯 If You Can't Patch

  • Restrict user permissions to minimize authenticated user base
  • Monitor alert deletion logs for suspicious activity targeting other users' alerts

🔍 How to Verify

Check if Vulnerable:

Check your Sentry version: any version below 24.9.0 is vulnerable.

Check Version:

For Docker deployments: docker exec sentry-web sentry --version
For other deployment methods, check your deployment configuration.

Verify Fix Applied:

Verify Sentry version is 24.9.0 or higher after upgrade

📡 Detection & Monitoring

Log Indicators:

  • Multiple alert deletion events from single user
  • Alert deletions for user IDs different from the requester

Network Indicators:

  • HTTP DELETE requests to /api/0/alerts/ endpoints with mismatched user/alert ownership

SIEM Query:

source="sentry" AND (action="alert.delete" OR method="DELETE") AND user_id != alert_owner_id
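The following script, added here as an illustration and not part of the advisory or of Sentry's code, applies the two log indicators above to constructed newline-delimited JSON audit records. The field names (source, action, method, user_id, alert_owner_id, alert_id) follow the SIEM query on this page and are an assumed schema, not Sentry's actual audit-log format.

```python
import json
from collections import Counter

# Constructed sample audit records (assumed schema, not Sentry's real format).
# User 7 deletes its own alert, then two alerts owned by other users.
SAMPLE_LOG = """
{"source": "sentry", "action": "alert.delete", "method": "DELETE", "user_id": 7, "alert_owner_id": 7, "alert_id": 101}
{"source": "sentry", "action": "alert.delete", "method": "DELETE", "user_id": 7, "alert_owner_id": 12, "alert_id": 205}
{"source": "sentry", "action": "alert.delete", "method": "DELETE", "user_id": 7, "alert_owner_id": 31, "alert_id": 333}
{"source": "sentry", "action": "alert.create", "method": "POST", "user_id": 12, "alert_owner_id": 12, "alert_id": 410}
{"source": "sentry", "action": "alert.delete", "method": "DELETE", "user_id": 12, "alert_owner_id": 12, "alert_id": 410}
"""


def parse_records(text):
    """Parse newline-delimited JSON, skipping blank and malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # tolerate truncated or non-JSON lines in a real feed
    return records


def is_alert_delete(rec):
    """Mirror the page's SIEM filter: Sentry source, alert.delete or HTTP DELETE."""
    return rec.get("source") == "sentry" and (
        rec.get("action") == "alert.delete" or rec.get("method") == "DELETE")


def find_cross_user_deletions(records):
    """Deletions where the requester is not the alert owner (the CVE pattern)."""
    return [r for r in records if is_alert_delete(r)
            and r.get("user_id") != r.get("alert_owner_id")]


def find_bulk_deleters(records, threshold=3):
    """Users whose alert-deletion count reaches the threshold (burst indicator)."""
    counts = Counter(r["user_id"] for r in records if is_alert_delete(r))
    return {uid: n for uid, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    for r in find_cross_user_deletions(recs):
        print(f"cross-user deletion: user {r['user_id']} removed alert "
              f"{r['alert_id']} owned by user {r['alert_owner_id']}")
    for uid, n in find_bulk_deleters(recs).items():
        print(f"bulk deleter: user {uid} issued {n} alert deletions")
```

On the sample data this reports two cross-user deletions (alerts 205 and 333) and flags user 7 as a bulk deleter; tune the threshold to your instance's normal deletion rate.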
