Lucene search
GoogleOSV:GHSA-G5Q2-CXGQ-H2RWHistoryMay 24, 2022 - 5:35 p.m.
Information leak in Gerrit
2022-05-2417:35:58
Google
osv.dev
6
information leak
gerrit
vulnerability
filteredrepository
access verification
personal information
accounts.
An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users’ personal information associated with their accounts.
References
gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33
issues.gerritcodereview.com/issues/40012986
nvd.nist.gov/vuln/detail/CVE-2020-8920
www.gerritcodereview.com/2.14.html#21422
www.gerritcodereview.com/2.15.html#21521
www.gerritcodereview.com/2.16.html#21625
www.gerritcodereview.com/3.0.html#3015
www.gerritcodereview.com/3.1.html#3110
www.gerritcodereview.com/3.2.html#325
Related
nvd
nvd
CVE-2020-8920
2020-12-10 11:15:11
github
github
Information leak in Gerrit
2022-05-24 17:35:58
cve
cve
CVE-2020-8920
2020-12-10 11:15:11
prion
prion
Information disclosure
2020-12-10 11:15:00
cvelist
cvelist
CVE-2020-8920 Overoptimization leads to private information leak in Gerrit
2020-12-10 10:15:23