How severe is CVE-2023-36826?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-36826?

This is classified as CWE-285, which is a common weakness in software security.

CVE-2023-36826

MEDIUM Year: 2023

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-285

View all →

Vulnerability Description

Sentry is an error tracking and performance monitoring platform. Starting in version 8.21.0 and prior to version 23.5.2, an authenticated user can download a debug or artifact bundle from arbitrary organizations and projects with a known bundle ID. The user does not need to be a member of the organization or have permissions on the project. A patch was issued in version 23.5.2 to ensure authorization checks are properly scoped on requests to retrieve debug or artifact bundles. Authenticated users who do not have the necessary permissions on the particular project are no longer able to download them. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 23.5.2 or higher.

CVE-2015-10033

MEDIUM

CVSS:6.5(Medium)

A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects an unknown part of the component Grade Handler. The manipulation leads to improper authorization. T...

CWE-2852015

CVE-2017-0896

MEDIUM

CVSS:6.5(Medium)

Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite oth...

CWE-2852017

CVE-2017-0927

MEDIUM

CVSS:6.5(Medium)

Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.

CWE-2852017

CVE-2017-2686

MEDIUM

CVSS:6.5(Medium)

Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive informati...

CWE-2852017

CVE-2017-9268

MEDIUM

CVSS:6.5(Medium)

In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did no...

CWE-2852017

CVE-2018-0391

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is d...

CWE-2852018

CVE-2023-36826

Vulnerability Description

Related Vulnerabilities

CVE-2015-10033

CVE-2017-0896

CVE-2017-0927

CVE-2017-2686

CVE-2017-9268

CVE-2018-0391