CVE-2025-22146
Vulnerability from cvelistv5
Published
2025-01-15 19:57
Modified
2025-01-15 20:44
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. The victim email address must be known in order to exploit this vulnerability. The Sentry SaaS fix was deployed on Jan 14, 2025. For self hosted users; if only a single organization is allowed `(SENTRY_SINGLE_ORGANIZATION = True)`, then no action is needed. Otherwise, users should upgrade to version 25.1.0 or higher. There are no known workarounds for this vulnerability.
References
security-advisories@github.comhttps://github.com/getsentry/sentry/pull/83407
security-advisories@github.comhttps://github.com/getsentry/sentry/security/advisories/GHSA-7pq6-v88g-wf3w
Impacted products
Vendor Product Version
getsentry sentry Version: >= 21.12.0, < 25.1.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-22146",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-15T20:44:21.092928Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-15T20:44:47.931Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "sentry",
          "vendor": "getsentry",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 21.12.0, \u003c 25.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. The victim email address must be known in order to exploit this vulnerability. The Sentry SaaS fix was deployed on Jan 14, 2025. For self hosted users; if only a single organization is allowed `(SENTRY_SINGLE_ORGANIZATION = True)`, then no action is needed. Otherwise, users should upgrade to version 25.1.0 or higher. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-15T19:57:59.734Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/getsentry/sentry/security/advisories/GHSA-7pq6-v88g-wf3w",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/getsentry/sentry/security/advisories/GHSA-7pq6-v88g-wf3w"
        },
        {
          "name": "https://github.com/getsentry/sentry/pull/83407",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/getsentry/sentry/pull/83407"
        }
      ],
      "source": {
        "advisory": "GHSA-7pq6-v88g-wf3w",
        "discovery": "UNKNOWN"
      },
      "title": "Improper authentication on SAML SSO process allows user impersonation in sentry"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-22146",
    "datePublished": "2025-01-15T19:57:59.734Z",
    "dateReserved": "2024-12-30T03:00:33.654Z",
    "dateUpdated": "2025-01-15T20:44:47.931Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-22146\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-01-15T20:15:30.557\",\"lastModified\":\"2025-01-15T20:15:30.557\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. The victim email address must be known in order to exploit this vulnerability. The Sentry SaaS fix was deployed on Jan 14, 2025. For self hosted users; if only a single organization is allowed `(SENTRY_SINGLE_ORGANIZATION = True)`, then no action is needed. Otherwise, users should upgrade to version 25.1.0 or higher. There are no known workarounds for this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Sentry es una herramienta de seguimiento de errores y monitoreo de rendimiento dise\u00f1ada para desarrolladores. Se descubri\u00f3 una vulnerabilidad cr\u00edtica en la implementaci\u00f3n de SSO SAML de Sentry. Se nos inform\u00f3 a trav\u00e9s de nuestro programa privado de recompensas por errores. La vulnerabilidad permite a un atacante tomar el control de cualquier cuenta de usuario mediante el uso de un proveedor de identidad SAML malicioso y otra organizaci\u00f3n en la misma instancia de Sentry. Se debe conocer la direcci\u00f3n de correo electr\u00f3nico de la v\u00edctima para explotar esta vulnerabilidad. La correcci\u00f3n de Sentry SaaS se implement\u00f3 el 14 de enero de 2025. Para usuarios alojados en el servidor propio; si solo se permite una \u00fanica organizaci\u00f3n `(SENTRY_SINGLE_ORGANIZATION = True)`, no se necesita ninguna acci\u00f3n. De lo contrario, los usuarios deben actualizar a la versi\u00f3n 25.1.0 o superior. No existen workarounds conocidos para esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"references\":[{\"url\":\"https://github.com/getsentry/sentry/pull/83407\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/getsentry/sentry/security/advisories/GHSA-7pq6-v88g-wf3w\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-22146\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-15T20:44:21.092928Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-15T20:44:03.067Z\"}}], \"cna\": {\"title\": \"Improper authentication on SAML SSO process allows user impersonation in sentry\", \"source\": {\"advisory\": \"GHSA-7pq6-v88g-wf3w\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"getsentry\", \"product\": \"sentry\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 21.12.0, \u003c 25.1.0\"}]}], \"references\": [{\"url\": \"https://github.com/getsentry/sentry/security/advisories/GHSA-7pq6-v88g-wf3w\", \"name\": \"https://github.com/getsentry/sentry/security/advisories/GHSA-7pq6-v88g-wf3w\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/getsentry/sentry/pull/83407\", \"name\": \"https://github.com/getsentry/sentry/pull/83407\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. The victim email address must be known in order to exploit this vulnerability. The Sentry SaaS fix was deployed on Jan 14, 2025. For self hosted users; if only a single organization is allowed `(SENTRY_SINGLE_ORGANIZATION = True)`, then no action is needed. Otherwise, users should upgrade to version 25.1.0 or higher. There are no known workarounds for this vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287: Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-01-15T19:57:59.734Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-22146\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-15T20:44:47.931Z\", \"dateReserved\": \"2024-12-30T03:00:33.654Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-01-15T19:57:59.734Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.