Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:53 p.m.8 views

CVE-2020-8920

An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users'...

3.5CVSS6.3AI score0.00368EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/05/24 5:35 p.m.3 views

com.gerritforge:global-refdb (=3.2.3) potentially affected by CVE-2020-8920 via com.google.gerrit:gerrit-plugin-api (=3.2.3)

com.google.gerrit:gerrit-plugin-api MAVEN version =3.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on com.google.gerrit:gerrit-plugin-api and may be impacted: - com.gerritforge:global-refdb =3.2.3 Source cves: CVE-2020-8920 Source advisory:...

3.5CVSS5.8AI score0.00368EPSS
Exploits0
CVE
CVE
added 2020/12/10 10:15 a.m.58 views

CVE-2020-8920

CVE-2020-8920 describes an information-leak in Gerrit where an over-optimization in the FilteredRepository wrapper bypasses access checks on All-Users repositories, allowing read access to users’ personal information. Affected versions are Gerrit before 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, ...

3.5CVSS3.4AI score0.00368EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2020/12/10 10:15 a.m.34 views

CVE-2020-8920 Overoptimization leads to private information leak in Gerrit

An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users'...

3.5CVSS3.5AI score0.00368EPSS
Exploits0References7
Rows per page
Query Builder