Description
Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without also requiring it to belong to the issue in the URL. This is a project-boundary authorization issue: a logged-in user with access to one project can view another project’s event data through an issue they are allowed to access. The affected views include the stacktrace, details, and breadcrumbs pages for an issue event. This vulnerability is fixed in 2.2.0.
Published: 2026-05-26
Score: 3.1 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-vx2f-6m6h-9frf Bugsink: Issue event views can show an event from another project if its UUID is known
History

Thu, 28 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 26 May 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Bugsink
Bugsink bugsink
Vendors & Products Bugsink
Bugsink bugsink

Tue, 26 May 2026 17:00:00 +0000

Type Values Removed Values Added
Description Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without also requiring it to belong to the issue in the URL. This is a project-boundary authorization issue: a logged-in user with access to one project can view another project’s event data through an issue they are allowed to access. The affected views include the stacktrace, details, and breadcrumbs pages for an issue event. This vulnerability is fixed in 2.2.0.
Title Bugsink: Issue event views can show an event from another project if its UUID is known
Weaknesses CWE-639
References
Metrics cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-28T13:59:29.137Z

Reserved: 2026-05-19T21:29:25.482Z

Link: CVE-2026-47715

cve-icon Vulnrichment

Updated: 2026-05-28T13:59:25.801Z

cve-icon NVD

Status : Deferred

Published: 2026-05-26T17:16:52.803

Modified: 2026-06-17T10:54:38.247

Link: CVE-2026-47715

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T18:45:13Z

Weaknesses