Authentication Bypass by Spoofing
CVE-2026-42354
Summary
A critical vulnerability was discovered in the SAML SSO implementation of Sentry. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. The victim's email address must be known in order to exploit this vulnerability. Self-hosted users are only vulnerable if both of the following conditions are met:
- They have more than one organization configured (SENTRY_SINGLE_ORGANIZATION = False).
- A malicious user has existing access and permissions to modify SSO settings for another organization in their multi-organization instance.
The affected versions are 21.12.0 through 26.4.0.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-290 - Authentication Bypass by Spoofing
This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.
References
Advisory Timeline
- Published