FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py39-sentry-sdk -- sensitive cookies leak

Affected packages
py39-sentry-sdk < 1.14.0

Details

VuXML ID 15dae5cc-9ee6-4577-a93e-2ab57780e707
Discovery 2023-03-21
Entry 2023-04-09

Tom Wolters reports:

When using the Django integration of the Sentry SDK in a specific configuration, it is possible to leak sensitive cookie values, including the session cookie, to Sentry.

These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their privileges within your application.

References

CVE Name CVE-2023-28117
URL https://osv.dev/vulnerability/GHSA-29pr-6jr8-q5jm