How severe is CVE-2022-23485?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2022-23485?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2022-23485 - LOW Severity | CVSS 3.7

Vulnerability Description

Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result an attacker with a valid invite link can create multiple users and join an organization they may not have been originally invited to. This issue was patched in version 22.11.0. Sentry SaaS customers do not need to take action. Self-hosted Sentry installs on systems which can not upgrade can disable the invite functionality until they are ready to deploy the patched version by editing their `sentry.conf.py` file (usually located at `~/.sentry/`).

Related Vulnerabilities

CVE-2024-39302

LOW

CVSS:3.7(Low)

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the `/usr/local/bigblue...

CWE-2692024

CVE-2024-46989

LOW

CVSS:3.7(Low)

spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the sam...

CWE-2692024

CVE-2024-51324

LOW

CVSS:3.8(Low)

An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD (Bring Your Own Vulnerable Driver) attack.

CWE-2692024

CVE-2024-43446

LOW

CVSS:3.5(Low)

An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This issue affects: * OTRS 7.0.X * OTRS 8.0...

CWE-2692024

CVE-2019-4112

MEDIUM

CVSS:4.0(Medium)

IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158105.

CWE-2692019

CVE-2019-4174

MEDIUM

CVSS:4.0(Medium)

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158879.

CWE-2692019