Platform
python
Component
sentry
Fixed in
21.12.1
25.1.0
CVE-2025-22146 is a critical vulnerability discovered in the SAML Single Sign-On (SSO) implementation of Sentry. This flaw allows an attacker to potentially take over user accounts by leveraging a malicious SAML Identity Provider and exploiting shared Sentry instances. The vulnerability impacts Sentry versions 23.7.1 and earlier, and a fix has been deployed to Sentry SaaS on January 14, 2025, with a self-hosted patch available in version 25.1.0.
The impact of CVE-2025-22146 is severe. An attacker can exploit this vulnerability to gain unauthorized access to user accounts within a Sentry instance. This is achieved by crafting a malicious SAML Identity Provider response and tricking a user into authenticating through it. Critically, the attacker needs to know the victim's email address to successfully exploit the vulnerability. Successful exploitation grants the attacker full access to the compromised user's Sentry account, including the ability to view sensitive project data, configure alerts, and potentially access other integrated systems. The shared nature of Sentry instances amplifies the risk, as a compromised account could provide a foothold for lateral movement within an organization.
CVE-2025-22146 was reported through Sentry's private bug bounty program, indicating proactive vulnerability discovery. As of the public disclosure date (January 15, 2025), there is no indication of active exploitation in the wild. The vulnerability's severity (CVSS 9.1) and the potential for account takeover warrant careful attention. It has not been added to the CISA KEV catalog at the time of writing. No public proof-of-concept (PoC) code has been released.
Organizations using Sentry for error tracking and performance monitoring, particularly those relying on SAML SSO for user authentication, are at risk. This includes teams with shared Sentry instances across multiple organizations or departments, as the vulnerability can be exploited to compromise accounts across these shared environments. Users who have not upgraded to the patched version of Sentry are also at significant risk.
• python / server: Monitor Sentry logs for unusual SAML authentication attempts or errors related to SAML processing. Look for patterns indicative of malicious SAML requests.
# Example: grep for SAML errors in Sentry logs
grep 'SAML error' /var/log/sentry/error.log
• generic web: Examine Sentry's access logs for requests originating from unfamiliar or suspicious IP addresses attempting SAML authentication.
# Example: Check access logs for SAML requests from unknown IPs
awk '/SAML/ {print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -nr | head -10
patch
disclosure
Exploit status
EPSS
0.25% (49th percentile)
CISA SSVC
CVSS vector
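The access-log review suggested in the detection notes above can be made more targeted than a bare `awk '/SAML/'` by parsing each request and grouping SAML assertion POSTs by source IP and by organization. The following is an added example, not code from the advisory or from Sentry; it assumes Sentry's SAML assertion consumer endpoint is served at `/saml/acs/<org-slug>/` behind nginx in the default "combined" log format, and the log lines are constructed.

```python
"""Added detection helper (not from the advisory) for reviewing SAML logins.
Assumptions: Sentry's SAML assertion consumer endpoint is served at
/saml/acs/<org-slug>/ behind nginx writing the default "combined" format.
The sample lines below are constructed, not real traffic."""
import re
from collections import defaultdict

# nginx "combined": ip - user [time] "METHOD path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
ACS_RE = re.compile(r'^/saml/acs/(?P<org>[^/?]+)/')  # assumed ACS URL shape

SAMPLE_LOG = """\
203.0.113.7 - - [14/Jan/2025:09:01:10 +0000] "POST /saml/acs/acme/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Jan/2025:09:01:15 +0000] "POST /saml/acs/globex/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Jan/2025:09:01:20 +0000] "POST /saml/acs/initech/ HTTP/1.1" 400 0 "-" "Mozilla/5.0"
198.51.100.2 - - [14/Jan/2025:09:05:00 +0000] "POST /saml/acs/acme/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.2 - - [14/Jan/2025:09:06:00 +0000] "GET /organizations/acme/issues/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

def parse_acs_posts(log_text):
    """Yield (ip, org_slug, status) for every POST to a SAML ACS endpoint."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("method") != "POST":
            continue
        acs = ACS_RE.match(m.group("path"))
        if acs:
            yield m.group("ip"), acs.group("org"), int(m.group("status"))

def count_acs_by_ip(log_text):
    """Per-IP count of SAML assertion POSTs (the awk one-liner, scoped to the ACS path)."""
    counts = defaultdict(int)
    for ip, _org, _status in parse_acs_posts(log_text):
        counts[ip] += 1
    return dict(counts)

def find_cross_org_sources(log_text, min_orgs=2):
    """Return {ip: [org slugs]} for clients that posted SAML assertions to several
    organizations' ACS endpoints. On a shared instance a normal user completes SSO
    against one org; one client fanning out across orgs deserves a manual review."""
    orgs_by_ip = defaultdict(set)
    for ip, org, _status in parse_acs_posts(log_text):
        orgs_by_ip[ip].add(org)
    return {ip: sorted(o) for ip, o in orgs_by_ip.items() if len(o) >= min_orgs}

if __name__ == "__main__":
    for ip, orgs in find_cross_org_sources(SAMPLE_LOG).items():
        print(f"{ip}: SAML assertions posted for {len(orgs)} orgs ({', '.join(orgs)})")
```

Run it against a real access log by replacing `SAMPLE_LOG` with the file contents; a non-2xx/3xx status on the ACS endpoint is also worth correlating with the `SAML error` lines from the first check.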
The primary mitigation for CVE-2025-22146 is to upgrade to Sentry version 25.1.0 or later. For Sentry SaaS users, the fix was deployed on January 14, 2025, so ensure your instance is running the latest version. Self-hosted Sentry users should apply the patch available in version 25.1.0. If immediate upgrading is not possible, consider restricting SAML SSO to trusted Identity Providers and carefully reviewing any new SAML configurations. While not a complete solution, implementing multi-factor authentication (MFA) can add an additional layer of security and make account takeover more difficult. After upgrading, confirm the fix by attempting a SAML login with a test user and verifying that the authentication process is secure.
Upgrade Sentry to version 25.1.0 or later. If you are running a self-hosted version and only allow a single organization (SENTRY_SINGLE_ORGANIZATION = True), no action is required. Otherwise, the upgrade is mandatory to mitigate the vulnerability.
CVE-2025-22146 is a critical vulnerability in Sentry's SAML SSO implementation allowing attackers to take over user accounts via a malicious Identity Provider if the victim's email is known. It has a CVSS score of 9.1.
You are affected if you are using Sentry versions 23.7.1 or earlier and utilize SAML SSO for authentication. Upgrade to 25.1.0 or later to mitigate the risk.
Upgrade to Sentry version 25.1.0 or later. Sentry SaaS users have already received the patch; self-hosted users should apply the update manually.
As of January 15, 2025, there is no public evidence of active exploitation in the wild, but the vulnerability's severity warrants immediate action.
Refer to the official Sentry security advisory for detailed information and updates: https://sentry.io/security/