CVE-2022-23485: 
Python vulnerability analysis and mitigation

Sentry, an error tracking and performance monitoring platform, was found to contain a vulnerability (CVE-2022-23485) in versions prior to 22.11.0. The vulnerability allowed an unauthenticated attacker with a known valid invite link to manipulate cookies and reuse the same invite link multiple times when joining an organization (GitHub Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 4.2 (Moderate severity) with the following metrics: Attack Vector: Network, Attack Complexity: High, Privileges Required: None, User Interaction: Required, Scope: Unchanged, Confidentiality: Low, Integrity: Low, Availability: None. The vulnerability is classified under CWE-284, which relates to improper access control (GitHub Advisory).

The primary impact of this vulnerability allows an attacker with a valid invite link to create multiple user accounts and join the organization from which the invite link was generated. This could potentially lead to unauthorized access to organization resources (GitHub Advisory).

The vulnerability was patched in Sentry version 22.11.0. For self-hosted Sentry installations that cannot immediately update, a workaround is available by disabling the invite functionality. This can be done by adding 'SENTRY_FEATURES["organizations:invite-members"] = False' to the sentry.conf.py file and restarting the Sentry web service. Sentry SaaS customers do not need to take any action (GitHub Advisory).