154 matches found
CVE-2026-2725
A flaw was found in Gerrit. An authenticated attacker with force push permissions on a secondary branch can exploit an incorrect authorization vulnerability within the "submitted together" feature. By crafting a submission that matches the "topic" tag of an unapproved change, the attacker can...
EUVD-2026-29910
Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" ta...
CVE-2026-2725
Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" ta...
CVE-2026-2725 Improper Authorization in Gerrit allowing Code Review Bypass via "Submitted Together"
Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" ta...
CVE-2026-2725
Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" ta...
CVE-2026-2725
Gerrit CVE-2026-2725 affects Gerrit versions 2.12 and later due to an incorrect authorization in the "submitted together" feature. An authenticated attacker with force-push permissions on a secondary branch can bypass code review and forcefully submit code to restricted branches by submitting a c...
CVE-2026-2725 Improper Authorization in Gerrit allowing Code Review Bypass via "Submitted Together"
Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" ta...
Gerrit 安全漏洞
Gerrit is a code review tool used within the Gerrit community. Versions of Gerrit 2.12 and later contain security vulnerabilities. These vulnerabilities stem from improper authorization in the “submitted together” feature, which could allow authenticated attackers to bypass code reviews and force...
PT-2026-40576
Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" ta...
com.barchart.jenkins:maven-release-cascade (>=1.1.0 <=1.3.2), com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (>=2.8.0 <=2.10.1) potentially affected by CVE-2026-42523 via org.jenkins-ci.plugins:git (>=1.2.0 <=1.3.0)
org.jenkins-ci.plugins:git MAVEN version =1.2.0, =1.1.0, =2.8.0, =2.10.1 Source cves: CVE-2026-42523 Source advisory: OSV:GHSA-W22P-4X9F-486V...
CVE-2026-24385
Deserialization of Untrusted Data vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Object Injection.This issue affects Podlove Web Player: from n/a through = 5.9.1...
CVE-2018-1000105
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins...
CVE-2025-1568
Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelin...
EUVD-2020-29753
Malware in sbrugna...
EUVD-2016-6672
Malware in sbrugna...
EUVD-2022-5632
Malicious code in bioql PyPI...
EUVD-2022-5387
Malicious code in bioql PyPI...
EUVD-2022-2436
Malicious code in bioql PyPI...
EUVD-2022-7681
Malicious code in bioql PyPI...
EUVD-2025-11490
Malicious code in bioql PyPI...