3 matches found
CVE-2026-2725
Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" ta...
CVE-2026-2725
Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" ta...
PT-2026-40576
Name of the Vulnerable Software and Affected Versions Gerrit versions 2.12 and later Description Incorrect authorization in the "submitted together" feature allows an authenticated attacker with force push permissions on a secondary branch to bypass code review. This is achieved by using a crafte...