4 matches found
CVE-2020-8920
An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users'...
com.gerritforge:global-refdb (=3.2.3) potentially affected by CVE-2020-8920 via com.google.gerrit:gerrit-plugin-api (=3.2.3)
com.google.gerrit:gerrit-plugin-api MAVEN version =3.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on com.google.gerrit:gerrit-plugin-api and may be impacted: - com.gerritforge:global-refdb =3.2.3 Source cves: CVE-2020-8920 Source advisory:...
CVE-2020-8920
CVE-2020-8920 describes an information-leak in Gerrit where an over-optimization in the FilteredRepository wrapper bypasses access checks on All-Users repositories, allowing read access to users’ personal information. Affected versions are Gerrit before 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, ...
CVE-2020-8920 Overoptimization leads to private information leak in Gerrit
An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users'...