cvedb.io
CVE-2023-28117
HIGH · CVSS 7.6
EPSS exploitation probability: 0%
Published 2023-03-22T20:15:12.793 · Last modified 2026-06-17T05:46:54.547

Summary

Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their privileges within your application. In order for these sensitive values to be leaked, the Sentry SDK configuration must have `sendDefaultPII` set to `True`; one must use a custom name for either `SESSION_COOKIE_NAME` or `CSRF_COOKIE_NAME` in one's Django settings; and one must not be configured in one's organization or project settings to use Sentry's data scrubbing features to account for th

Affected products

sentry — sentry_software_development_kit

Does this affect you?

Add your gear to cvedb and we'll alert you only when sentry ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.