FreeBSD: VID-15dae5cc-9ee6-4577-a93e-2ab57780e707 (CVE-2023-28117): py39-sentry-sdk -- sensitive cookies leak

Severity: 7
CVSS: (AV:N/AC:L/Au:M/C:C/I:P/A:N)
Published: Apr 9, 2023
Added: Apr 14, 2023
Modified: Dec 10, 2025

Description

Tom Wolters reports: When using the Django integration of the Sentry SDK in a specific configuration, it is possible to leak sensitive cookie values, including the session cookie, to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their privileges within your application.

Solution

freebsd-upgrade-package-py39-sentry-sdk