API Security Blog

Permissive Cross-domain Policy With Untrusted Domains

Sentry is susceptible to a permissive cross-domain policy with untrusted domains. If the `Origin` request header ends with the value of the `system.base-hostname` option of the Sentry installation, the Sentry API returns the `access-control-allow-credentials: true` HTTP header. Because the comparison is a suffix match rather than an exact host match, an origin on an attacker-controlled hostname that merely ends with the configured base hostname is treated as trusted and can make credentialed cross-origin requests. Only installations that have the `system.base-hostname` option explicitly set are affected by this vulnerability.
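The following is an added illustration and is not Sentry's own code: a minimal Python model of the suffix match the advisory describes, beside a check that parses the `Origin` header and compares the host component exactly or at a `.` label boundary. The base hostname `sentry.example`, the origins, and the function names are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed value standing in for the deployment's system.base-hostname.
# ".example" is a reserved name, so nothing here points at a real host.
BASE_HOSTNAME = "sentry.example"


def vulnerable_allows_credentials(origin: str, base_hostname: str = BASE_HOSTNAME) -> bool:
    """Suffix match of the kind the advisory describes (illustrative, not Sentry's code).

    Any Origin string that merely *ends with* the base hostname passes, so an
    attacker-registered "evilsentry.example" is treated like "sentry.example",
    and so is "https://evil.example/#sentry.example" if such a value ever reached this check.
    """
    return origin.endswith(base_hostname)


def hardened_allows_credentials(origin: str, base_hostname: str = BASE_HOSTNAME) -> bool:
    """Parse the Origin and compare its host exactly or as a true subdomain.

    - urlsplit() isolates the host, so a path or fragment cannot carry the suffix in.
    - The match must be exact or land on a '.' label boundary, so
      "evilsentry.example" is rejected while "app.sentry.example" is accepted.
    - A missing scheme/host (including the literal "null" origin) is rejected.
    Assumes base_hostname is a bare hostname without a port.
    """
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    host = parts.hostname.lower()
    base = base_hostname.lower()
    return host == base or host.endswith("." + base)


def cors_headers(origin: str, allow) -> dict:
    """Build the credentialed-CORS response headers for an Origin under a policy function."""
    if allow(origin):
        return {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
        }
    return {}


if __name__ == "__main__":
    for origin in ("https://sentry.example", "https://app.sentry.example",
                   "https://evilsentry.example", "https://evil.example/#sentry.example", "null"):
        print(origin,
              "vulnerable:", cors_headers(origin, vulnerable_allows_credentials),
              "hardened:", cors_headers(origin, hardened_allows_credentials))
```

The hardened variant deliberately allows subdomains of the base hostname; a deployment that wants only the exact host should drop the `host.endswith("." + base)` branch. Note also that browsers send `Origin: null` for some sandboxed and redirected requests, which the parsed check rejects rather than reflecting.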
