CVE-2024-9410: 
Linux Alpine vulnerability analysis and mitigation

Ada.cx's Sentry configuration contained a vulnerability (CVE-2024-9410) that allowed for blind server-side request forgeries (SSRF) through the use of a data scraping endpoint. The vulnerability was discovered in July 2024 and was remediated by October 1, 2024, affecting Ada.cx's Sentry integration prior to the remediation date (Tenable Advisory).

The vulnerability stemmed from Ada's use of Sentry.io for application monitoring, metrics, and error tracking within their environment. The tool was configured with automatic data scraping enabled when supplying certain error tracking endpoints with a 'filename' in 'stacktrace' fields. The vulnerability has been assigned a CVSSv3.1 Base Score of 5.3 (Medium) with the vector string AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, indicating network accessibility, low attack complexity, and no required privileges or user interaction (Tenable Advisory).

While the CVSSv3.1 vector indicates a Medium severity issue, Tenable researchers labeled this as a Low severity issue due to the limited control an attacker has over the forged requests. The vulnerability could allow attackers to perform blind server-side request forgeries using Ada's infrastructure (Tenable Advisory).

Ada.cx has fully remediated this issue as of October 1, 2024. As this is a cloud-based service, no action is necessary for end users (Tenable Advisory).