CVE-2024-45606
📋 TL;DR
This vulnerability allows authenticated Sentry users to mute alert rules belonging to organizations and projects they are not members of and hold no permissions for. It affects self-hosted Sentry installations from version 23.4.0 through 24.8.0. Sentry SaaS users are not affected, as the hosted platform has already been patched.
💻 Affected Systems
- Sentry (self-hosted)
📦 What is this software?
Sentry, the application error and performance monitoring platform by Sentry. This advisory concerns the self-hosted distribution.
⚠️ Risk & Real-World Impact
Worst Case
An attacker with valid credentials could disable critical alerting across multiple organizations, potentially hiding security incidents, system failures, or performance degradation from legitimate administrators.
Likely Case
Malicious or compromised users within one organization could disrupt monitoring in other organizations they shouldn't have access to, causing alert fatigue or hiding issues from legitimate teams.
If Mitigated
With proper authorization checks in place, only users with appropriate permissions can mute alerts, maintaining the integrity of monitoring systems.
🎯 Exploit Status
Exploitation requires authenticated access and knowledge of alert rule IDs. No public exploits have been identified, and the vendor reports no instances of unauthorized muting in the wild.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 24.9.0
Vendor Advisory: https://github.com/getsentry/sentry/security/advisories/GHSA-v345-w9f2-mpm5
Restart Required: Yes
Instructions:
1. Back up your Sentry installation and database.
2. Upgrade to Sentry version 24.9.0 or higher using your deployment method (Docker, Kubernetes, etc.).
3. Restart all Sentry services.
4. Verify the upgrade was successful by checking the version in the UI or via the API.
🧯 If You Can't Patch
- Restrict access to Sentry's API endpoints for muting alerts using network controls or WAF rules.
- Implement additional monitoring for alert mute actions and review audit logs regularly for unauthorized changes.
🔍 How to Verify
Check if Vulnerable:
Check your Sentry version via the web UI (Admin > System Status) or the API. If the version is between 23.4.0 and 24.8.0 inclusive, you are vulnerable.
Check Version:
curl -s http://your-sentry-host/api/0/ | grep -o '"version":"[^"]*"'
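The grep above only extracts the raw string; the comparison against the affected range still has to be done by hand. The following is an added example (not from the advisory or from Sentry) that parses the JSON body returned by the version endpoint and classifies it against the range stated in this advisory. It assumes the body carries a "version" field, as the grep does, and treats any value that is not a three-part release number (for instance an API version such as "0") as unrecognised rather than guessing.

```python
"""Classify a Sentry version against the CVE-2024-45606 affected range.

Added example, not part of the advisory or of Sentry's own tooling.
Range and fix version come from the advisory: 23.4.0 to 24.8.0 inclusive
are affected, 24.9.0 carries the fix. The JSON bodies used in the test
are constructed.
"""
import json
import re

AFFECTED_MIN = (23, 4, 0)
AFFECTED_MAX = (24, 8, 0)
FIXED = (24, 9, 0)

# Accept "24.8.0" and tolerate suffixes such as "24.8.0.dev0".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Turn a release string into a comparable (major, minor, patch) tuple."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def is_vulnerable(version):
    """True when the version lies inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def assess(api_body):
    """Classify the raw JSON body of the version endpoint.

    Returns one of: "patched", "vulnerable", "older than affected range",
    "below fix version" (between 24.8.0 and 24.9.0, outside the stated
    range but not yet at the fix), "missing version" or "unrecognised".
    The field name "version" is an assumption taken from the grep on the page;
    a value that is not a release number (e.g. an API version like "0") means
    the endpoint did not return the product version, so no verdict is given.
    """
    data = json.loads(api_body)
    raw = data.get("version")
    if raw is None:
        return "missing version"
    try:
        version = parse_version(str(raw))
    except ValueError:
        return "unrecognised"
    if version >= FIXED:
        return "patched"
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "vulnerable"
    if version < AFFECTED_MIN:
        return "older than affected range"
    return "below fix version"


if __name__ == "__main__":
    import sys
    # Pipe the curl output in: curl -s http://your-sentry-host/api/0/ | python check.py
    print(assess(sys.stdin.read()))
```

Feed it the body from the curl command rather than the grep output, so the JSON parse sees a complete object; a verdict of "unrecognised" means you should read the version from the web UI instead.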
Verify Fix Applied:
After upgrading to 24.9.0 or higher, attempt to mute an alert rule in an organization you don't belong to; the request should now fail with an authorization error instead of succeeding.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to mute alert rules
- Alert mute actions from users not in the organization
- Failed authorization checks for alert operations
Network Indicators:
- POST requests to /api/0/projects/{organization_slug}/{project_slug}/rules/{rule_id}/mute/ from unauthorized sources
SIEM Query:
source="sentry" AND (event="rule.mute" OR url_path="/api/0/projects/*/rules/*/mute/") AND NOT user.organization IN allowed_organizations
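The SIEM query above is pseudo-syntax and depends on a membership lookup your platform may not have. The following is an added example, not part of the advisory, that implements the same detection logic in plain Python over a handful of constructed access-log lines: it matches the mute endpoint path given in this advisory, looks up which organizations the requesting user legitimately belongs to, and raises a finding either when a mute succeeded against an organization the user is not a member of (the unpatched behaviour) or when it was denied (the post-fix behaviour, and a sign someone probed it). The key=value log format and the membership map are constructed assumptions; adapt the parser to your proxy or SIEM fields.

```python
"""Detect cross-organization alert-rule muting in access logs.

Added example, not part of the advisory or of Sentry. The log lines,
usernames and organization slugs below are constructed; only the endpoint
path pattern comes from the advisory.
"""
import re

# Path of the mute endpoint as given in the advisory.
MUTE_PATH = re.compile(
    r"^/api/0/projects/(?P<org>[^/]+)/(?P<project>[^/]+)/rules/(?P<rule_id>\d+)/mute/?$"
)

# Constructed: which organizations each user is actually a member of.
# In production this would come from your identity provider or Sentry's
# organization-membership API.
MEMBERSHIPS = {
    "alice": {"acme"},
    "bob": {"acme", "globex"},
}

# Constructed access-log lines in a simple key=value form.
SAMPLE_LOGS = [
    "ts=2024-09-10T10:00:00Z user=alice method=POST path=/api/0/projects/acme/web/rules/12/mute/ status=200",
    "ts=2024-09-10T10:01:00Z user=alice method=POST path=/api/0/projects/globex/api/rules/44/mute/ status=200",
    "ts=2024-09-10T10:02:00Z user=bob method=POST path=/api/0/projects/globex/api/rules/44/mute/ status=200",
    "ts=2024-09-10T10:03:00Z user=alice method=POST path=/api/0/projects/globex/api/rules/45/mute/ status=403",
    "ts=2024-09-10T10:04:00Z user=bob method=GET path=/api/0/projects/acme/web/rules/ status=200",
]


def parse_line(line):
    """Split 'k=v k=v ...' into a dict; tokens without '=' are ignored."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def classify(event, memberships):
    """Return a finding dict for a suspicious mute request, else None."""
    if event.get("method") != "POST":
        return None
    match = MUTE_PATH.match(event.get("path", ""))
    if not match:
        return None
    user = event.get("user", "")
    org = match.group("org")
    finding = {"user": user, "org": org, "rule_id": match.group("rule_id"),
               "ts": event.get("ts", "")}
    if event.get("status") == "403":
        # Authorization failed on the mute endpoint: expected after the fix,
        # but worth reviewing because it shows a cross-org attempt.
        finding["kind"] = "denied_mute_attempt"
        return finding
    if org not in memberships.get(user, set()):
        # Mute succeeded against an organization the user is not part of:
        # this is the vulnerable behaviour described in the advisory.
        finding["kind"] = "cross_org_mute"
        return finding
    return None


def scan(lines, memberships):
    """Run the detector over raw log lines and collect findings in order."""
    findings = []
    for line in lines:
        finding = classify(parse_line(line), memberships)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS, MEMBERSHIPS):
        print(f"{f['ts']} {f['kind']}: user={f['user']} org={f['org']} rule={f['rule_id']}")
```

A successful mute by a member of the target organization (bob on globex above) produces no finding, so the detector reports only the two events the advisory's log indicators describe: a mute action from a user outside the organization and a failed authorization check on the mute endpoint.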