cvedb.io
CVE-2024-53253
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2024-11-22T20:15:09.210 · Last modified 2026-06-17T08:08:41.847

Summary

Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ID and Client Secret would not be displayed in the UI, but would be returned in the underlying HTTP response to the end user. This could occur under the following conditions: An app installation made use of a Search UI component with the `async` flag set to true (default: true); auser types types into the Search Component which creates a request to the third-party for search or query results; and that third-party response may then fail validation and Sentry would return the `select-requester.invali

Affected products

sentry — sentry

Does this affect you?

Add your gear to cvedb and we'll alert you only when sentry ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.