Lucene search
K
GoogleGerrit

4 matches found

CVE
CVE
added 2020/12/10 10:15 a.m.57 views

CVE-2020-8920

CVE-2020-8920 describes an information-leak in Gerrit where an over-optimization in the FilteredRepository wrapper bypasses access checks on All-Users repositories, allowing read access to users’ personal information. Affected versions are Gerrit before 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, ...

3.5CVSS3.4AI score0.00368EPSS
CVE
CVE
added 2020/12/10 10:15 a.m.52 views

CVE-2020-8919

The CVE refers to Gerrit information leakage due to a missing access check on the branch REST API. Affected are Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, and 3.2.5. The underlying issue enables an attacker with the default privilege set to read other users’ personal account data ...

3.5CVSS3.6AI score0.00317EPSS
CVE
CVE
added 2021/02/17 12:5 p.m.48 views

CVE-2021-22553

The CVE affects Gerrit where any git operation is proxied through Jetty, creating a session without expiry and not disposed by Jetty, enabling heap memory exhaustion on the server after multiple git actions. Affected software is Gerrit with Jetty-based session handling; root cause is non-expiring...

7.5CVSS7AI score0.00355EPSS
CVE
CVE
added 2026/05/13 5:32 a.m.20 views

CVE-2026-2725

Gerrit CVE-2026-2725 affects Gerrit versions 2.12 and later due to an incorrect authorization in the "submitted together" feature. An authenticated attacker with force-push permissions on a secondary branch can bypass code review and forcefully submit code to restricted branches by submitting a c...

6CVSS5.9AI score0.00116EPSS