6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-39531

CVE-2023-39531: Sentry vulnerable to incorrect credential validation on OAuth token requests

Impact

An attacker with sufficient client-side exploits could retrieve a valid access token for another user during the OAuth token exchange due to incorrect credential validation. The client ID must be known and the API application must have already been authorized on the targeted user account.

Remediation

Sentry SaaS customers do not need to take any action. Those with the highest risk will be contacted directly by Sentry.
Self-hosted installations should upgrade to version 23.7.2 or higher.

Workarounds

There are no direct workarounds, but users should review applications authorized on their account (User Settings > Authorized Applications) and remove any that are no longer needed.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-39531

CVE-2023-39531:

6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
sentry	pip	>= 10.0.0, < 23.7.2	23.7.2

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability centers around improper client credential validation during OAuth token exchange. In OAuth flows, the token endpoint must validate that the client making the token request (via client_id/client_secret) matches the client that was originally granted the authorization code. The described attack scenario implies this validation was missing or incomplete in the token endpoint handler. The most logical location for this vulnerability would be in the core token exchange method of the OAuth2 provider implementation, which in Sentry's architecture is typically found in the oauth_token endpoint handler. This matches the CWE-287 classification and the attack pattern described.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-39531: Sentry vulnerable to incorrect credential validation on OAuth token requests

Impact

Remediation

Workarounds

CVE-2023-39531:

6.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

6.5

6.5

Basic Information

Basic Information

CVE-2023-39531: Sentry vulnerable to incorrect credential validation on OAuth token requests

Impact

Remediation

Workarounds

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI