How severe is CVE-2023-36829?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2023-36829?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2023-36829

MEDIUM Year: 2023

CVSS v3 Score

5.4

Medium

Weakness Type

CWE-863

View all →

Vulnerability Description

Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request header ends with the `system.base-hostname` option of Sentry installation. This only affects installations that have `system.base-hostname` option explicitly set, as it is empty by default. Impact is limited since recent versions of major browsers have cross-site cookie blocking enabled by default. However, this flaw could allow other multi-step attacks. The patch has been released in Sentry 23.6.2.

CVE-2017-2599

MEDIUM

CVSS:5.4(Medium)

Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't hav...

CWE-8632017

CVE-2018-1000106

MEDIUM

CVSS:5.4(Medium)

An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall...

CWE-8632018

CVE-2018-10212

MEDIUM

CVSS:5.4(Medium)

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization leading to creation of folders within another account via a modified device value.

CWE-8632018

CVE-2020-1725

MEDIUM

CVSS:5.4(Medium)

A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access tok...

CWE-8632020

CVE-2020-26555

MEDIUM

CVSS:5.4(Medium)

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing withou...

CWE-8632020

CVE-2020-4794

MEDIUM

CVSS:5.4(Medium)

IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensit...

CWE-8632020

CVE-2023-36829

Vulnerability Description

Related Vulnerabilities

CVE-2017-2599

CVE-2018-1000106

CVE-2018-10212

CVE-2020-1725

CVE-2020-26555

CVE-2020-4794