Suggestions search

All statuses

Filter by:

With package: terraform-providers.jianyuan_sentry

Found 2 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2026-26004

created 5 days, 14 hours ago

Sentry allows unauthorized access to event data across organizational boundaries

Sentry is a developer-first error tracking and performance monitoring tool. Versions prior to 26.1.0 have a cross-organization Insecure Direct Object Reference (IDOR) vulnerability in Sentry's GroupEventJsonView endpoint. Version 26.1.0 patches the issue.

References

https://securitylab.github.com/advisories/GHSL-2025-130_Sentry/ x_refsource_CONFIRM
https://github.com/getsentry/sentry/pull/105601 x_refsource_MISC
https://github.com/getsentry/sentry/commit/45bc78fd57514a04eb62e73dd1eeb3ca2d723997 x_refsource_MISC

Affected products

sentry

==< 26.1.0

Matching in nixpkgs

pkgs.sentry-cli

Command line utility to work with Sentry

nixos-unstable 2.58.2
- nixpkgs-unstable 2.58.2
- nixos-unstable-small 2.58.2
nixos-25.11 2.58.2
- nixos-25.11-small 2.58.2
- nixpkgs-25.11-darwin 2.58.2

pkgs.sentry-native

Sentry SDK for C, C++ and native applications

nixos-unstable 0.13.1
- nixpkgs-unstable 0.13.1
- nixos-unstable-small 0.13.1
nixos-25.11 0.12.1
- nixos-25.11-small 0.12.1
- nixpkgs-25.11-darwin 0.12.1

pkgs.terraform-providers.sentry

None

nixos-unstable 0.14.11
- nixpkgs-unstable 0.14.11
- nixos-unstable-small 0.14.11
nixos-25.11 0.14.6
- nixos-25.11-small 0.14.6
- nixpkgs-25.11-darwin 0.14.6

pkgs.python312Packages.sentry-sdk

Official Python SDK for Sentry.io

nixos-25.11 2.43.0
- nixos-25.11-small 2.43.0
- nixpkgs-25.11-darwin 2.43.0

pkgs.python312Packages.typesentry

Python 2.7 & 3.5+ runtime type-checker

nixos-25.11 0.2.7
- nixos-25.11-small 0.2.7
- nixpkgs-25.11-darwin 0.2.7

pkgs.python313Packages.sentry-sdk

Official Python SDK for Sentry.io

nixos-unstable 2.53.0
- nixpkgs-unstable 2.53.0
- nixos-unstable-small 2.53.0
nixos-25.11 2.43.0
- nixos-25.11-small 2.43.0
- nixpkgs-25.11-darwin 2.43.0

pkgs.python313Packages.typesentry

Python 2.7 & 3.5+ runtime type-checker

nixos-25.11 0.2.7
- nixos-25.11-small 0.2.7
- nixpkgs-25.11-darwin 0.2.7

pkgs.python314Packages.sentry-sdk

Official Python SDK for Sentry.io

nixos-unstable 2.53.0
- nixpkgs-unstable 2.53.0
- nixos-unstable-small 2.53.0

pkgs.python312Packages.policy-sentry

Python module for generating IAM least privilege policies

nixos-25.11 0.14.1
- nixos-25.11-small 0.14.1
- nixpkgs-25.11-darwin 0.14.1

pkgs.python313Packages.policy-sentry

Python module for generating IAM least privilege policies

nixos-unstable 0.15.1
- nixpkgs-unstable 0.15.1
- nixos-unstable-small 0.15.1
nixos-25.11 0.14.1
- nixos-25.11-small 0.14.1
- nixpkgs-25.11-darwin 0.14.1

pkgs.python314Packages.policy-sentry

Python module for generating IAM least privilege policies

nixos-unstable 0.15.1
- nixpkgs-unstable 0.15.1
- nixos-unstable-small 0.15.1

pkgs.terraform-providers.jianyuan_sentry

None

nixos-unstable 0.14.11
- nixpkgs-unstable 0.14.11
- nixos-unstable-small 0.14.11
nixos-25.11 0.14.6
- nixos-25.11-small 0.14.6
- nixpkgs-25.11-darwin 0.14.6

pkgs.home-assistant-component-tests.sentry

Open source home automation that puts local control and privacy first

nixos-25.11 2025.11.3
- nixos-25.11-small 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

pkgs.grafanaPlugins.grafana-sentry-datasource

Integrate Sentry data into Grafana

nixos-unstable 2.2.1
- nixpkgs-unstable 2.2.1
- nixos-unstable-small 2.2.1
nixos-25.11 2.2.1
- nixos-25.11-small 2.2.1
- nixpkgs-25.11-darwin 2.2.1

pkgs.tests.home-assistant-component-tests.sentry

Open source home automation that puts local control and privacy first

nixos-unstable 2026.2.3
- nixpkgs-unstable 2026.2.3
- nixos-unstable-small 2026.2.3

Package maintainers

@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@abbradar Nikolay Amiantov <ab@fmap.me>
@Rizary Andika Demas Riyandi <andika@numtide.com>
@daniel-fahey Daniel Fahey <daniel.fahey+nixpkgs@pm.me>
@wheelsandmetal Jakob Schmutz <jakob@schmutz.co.uk>
@arianvp Arian van Putten <arian.vanputten@gmail.com>

Dismissed

Permalink CVE-2026-27197

9.1 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE

updated 1 month ago by @mweinelt Activity log

Created automatic suggestion 1 month ago
@mweinelt dismissed 1 month ago

Sentry: Improper Authentication on SAML SSO process allows user identity linking

Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. Self-hosted users are only at risk if the following criteria is met: ore than one organizations are configured (SENTRY_SINGLE_ORGANIZATION = True), or malicious user has existing access and permissions to modify SSO settings for another organization in a multo-organization instance. This issue has been fixed in version 26.2.0. To workaround this issue, implement user account-based two-factor authentication to prevent an attacker from being able to complete authentication with a victim's user account. Organization administrators cannot do this on a user's behalf, this requires individual users to ensure 2FA has been enabled for their account.