Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities found for gerrit by google
CVE-2021-22553 (GCVE-0-2021-22553)
Vulnerability from nvd – Published: 2021-02-17 12:05 – Updated: 2024-09-16 19:51
VLAI?
Title
Heap Memory exhaustion in Gerrit
Summary
Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above.
Severity ?
6.5 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Google LLC | Gerrit |
Affected:
unspecified , < 2.15.22
(custom)
Affected: unspecified , < 2.16.26 (custom) Affected: unspecified , < 3.0.16 (custom) Affected: unspecified , < 3.1.12 (custom) Affected: unspecified , < 3.2.7 (custom) Affected: unspecified , < 3.3.2 (custom) |
Date Public ?
2021-01-31 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/gerrit/issues/detail?id=13858"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Gerrit",
"vendor": "Google LLC",
"versions": [
{
"lessThan": "2.15.22",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "2.16.26",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "3.0.16",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "3.1.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "3.2.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "3.3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Antoine Musso"
}
],
"datePublic": "2021-01-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-17T12:05:17.000Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/gerrit/issues/detail?id=13858"
}
],
"solutions": [
{
"lang": "en",
"value": "We recommend upgrading Gerrit to any version listed above."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Heap Memory exhaustion in Gerrit",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"DATE_PUBLIC": "2021-01-31T23:00:00.000Z",
"ID": "CVE-2021-22553",
"STATE": "PUBLIC",
"TITLE": "Heap Memory exhaustion in Gerrit"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gerrit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.15.22"
},
{
"version_affected": "\u003c",
"version_value": "2.16.26"
},
{
"version_affected": "\u003c",
"version_value": "3.0.16"
},
{
"version_affected": "\u003c",
"version_value": "3.1.12"
},
{
"version_affected": "\u003c",
"version_value": "3.2.7"
},
{
"version_affected": "\u003c",
"version_value": "3.3.2"
}
]
}
}
]
},
"vendor_name": "Google LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Antoine Musso"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/gerrit/issues/detail?id=13858",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/gerrit/issues/detail?id=13858"
}
]
},
"solution": [
{
"lang": "en",
"value": "We recommend upgrading Gerrit to any version listed above."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2021-22553",
"datePublished": "2021-02-17T12:05:17.410Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:51:15.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8920 (GCVE-0-2020-8920)
Vulnerability from nvd – Published: 2020-12-10 10:15 – Updated: 2024-08-04 10:12
VLAI?
Title
Overoptimization leads to private information leak in Gerrit
Summary
An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts.
Severity ?
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:10.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gerritcodereview.com/2.15.html#21521"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gerritcodereview.com/2.16.html#21625"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gerritcodereview.com/3.0.html#3014"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gerritcodereview.com/3.1.html#3110"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gerritcodereview.com/3.2.html#325"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gerritcodereview.com/2.14.html#21422"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Gerrit",
"vendor": "Gerrit",
"versions": [
{
"changes": [
{
"at": "2.15.21",
"status": "unaffected"
},
{
"at": "2.16.25",
"status": "unaffected"
},
{
"at": "3.0.15",
"status": "unaffected"
},
{
"at": "3.1.10",
"status": "unaffected"
},
{
"at": "3.2.5",
"status": "unaffected"
}
],
"lessThan": "2.14.22",
"status": "affected",
"version": "stable",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users\u0027 personal information associated with their accounts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-10T10:15:23.000Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gerritcodereview.com/2.15.html#21521"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gerritcodereview.com/2.16.html#21625"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gerritcodereview.com/3.0.html#3014"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gerritcodereview.com/3.1.html#3110"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gerritcodereview.com/3.2.html#325"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gerritcodereview.com/2.14.html#21422"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Overoptimization leads to private information leak in Gerrit",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2020-8920",
"STATE": "PUBLIC",
"TITLE": "Overoptimization leads to private information leak in Gerrit"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gerrit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "stable",
"version_value": "2.14.22"
},
{
"version_affected": "\u003c",
"version_name": "stable",
"version_value": "2.15.21"
},
{
"version_affected": "\u003c",
"version_name": "stable",
"version_value": "2.16.25"
},
{
"version_affected": "\u003c",
"version_name": "stable",
"version_value": "3.0.15"
},
{
"version_affected": "\u003c",
"version_name": "stable",
"version_value": "3.1.10"
},
{
"version_affected": "\u003c",
"version_name": "stable",
"version_value": "3.2.5"
}
]
}
}
]
},
"vendor_name": "Gerrit"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users\u0027 personal information associated with their accounts."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gerritcodereview.com/2.15.html#21521",
"refsource": "CONFIRM",
"url": "https://www.gerritcodereview.com/2.15.html#21521"
},
{
"name": "https://www.gerritcodereview.com/2.16.html#21625",
"refsource": "CONFIRM",
"url": "https://www.gerritcodereview.com/2.16.html#21625"
},
{
"name": "https://www.gerritcodereview.com/3.0.html#3014",
"refsource": "CONFIRM",
"url": "https://www.gerritcodereview.com/3.0.html#3014"
},
{
"name": "https://www.gerritcodereview.com/3.1.html#3110",
"refsource": "CONFIRM",
"url": "https://www.gerritcodereview.com/3.1.html#3110"
},
{
"name": "https://www.gerritcodereview.com/3.2.html#325",
"refsource": "CONFIRM",
"url": "https://www.gerritcodereview.com/3.2.html#325"
},
{
"name": "https://gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33",
"refsource": "CONFIRM",
"url": "https://gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33"
},
{
"name": "https://www.gerritcodereview.com/2.14.html#21422",
"refsource": "CONFIRM",
"url": "https://www.gerritcodereview.com/2.14.html#21422"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2020-8920",
"datePublished": "2020-12-10T10:15:23.000Z",
"dateReserved": "2020-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:12:10.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8919 (GCVE-0-2020-8919)
Vulnerability from nvd – Published: 2020-12-10 10:15 – Updated: 2024-08-04 10:12
VLAI?
Title
Information leakage in Gerrit
Summary
An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user's personal account data as well as sub-trees with restricted access.
Severity ?
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:10.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gerrit.googlesource.com/gerrit/+/0532fb876cb86bc091a91f78e6f28fff9e39ca65"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gerritcodereview.com/2.15.html#21521"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gerritcodereview.com/2.16.html#21625"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gerritcodereview.com/3.0.html#3014"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gerritcodereview.com/3.1.html#3110"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gerritcodereview.com/3.2.html#325"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Gerrit",
"vendor": "Gerrit",
"versions": [
{
"changes": [
{
"at": "2.16.25",
"status": "unaffected"
},
{
"at": "3.0.15",
"status": "unaffected"
},
{
"at": "3.1.10",
"status": "unaffected"
},
{
"at": "3.2.5",
"status": "unaffected"
}
],
"lessThan": "2.15.21",
"status": "affected",
"version": "stable",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user\u0027s personal account data as well as sub-trees with restricted access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-10T10:15:22.000Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gerrit.googlesource.com/gerrit/+/0532fb876cb86bc091a91f78e6f28fff9e39ca65"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gerritcodereview.com/2.15.html#21521"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gerritcodereview.com/2.16.html#21625"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gerritcodereview.com/3.0.html#3014"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gerritcodereview.com/3.1.html#3110"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gerritcodereview.com/3.2.html#325"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Information leakage in Gerrit",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2020-8919",
"STATE": "PUBLIC",
"TITLE": "Information leakage in Gerrit"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gerrit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "stable",
"version_value": "2.15.21"
},
{
"version_affected": "\u003c",
"version_name": "stable",
"version_value": "2.16.25"
},
{
"version_affected": "\u003c",
"version_name": "stable",
"version_value": "3.0.15"
},
{
"version_affected": "\u003c",
"version_name": "stable",
"version_value": "3.1.10"
},
{
"version_affected": "\u003c",
"version_name": "stable",
"version_value": "3.2.5"
}
]
}
}
]
},
"vendor_name": "Gerrit"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user\u0027s personal account data as well as sub-trees with restricted access."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gerrit.googlesource.com/gerrit/+/0532fb876cb86bc091a91f78e6f28fff9e39ca65",
"refsource": "CONFIRM",
"url": "https://gerrit.googlesource.com/gerrit/+/0532fb876cb86bc091a91f78e6f28fff9e39ca65"
},
{
"name": "https://www.gerritcodereview.com/2.15.html#21521",
"refsource": "CONFIRM",
"url": "https://www.gerritcodereview.com/2.15.html#21521"
},
{
"name": "https://www.gerritcodereview.com/2.16.html#21625",
"refsource": "CONFIRM",
"url": "https://www.gerritcodereview.com/2.16.html#21625"
},
{
"name": "https://www.gerritcodereview.com/3.0.html#3014",
"refsource": "CONFIRM",
"url": "https://www.gerritcodereview.com/3.0.html#3014"
},
{
"name": "https://www.gerritcodereview.com/3.1.html#3110",
"refsource": "CONFIRM",
"url": "https://www.gerritcodereview.com/3.1.html#3110"
},
{
"name": "https://www.gerritcodereview.com/3.2.html#325",
"refsource": "CONFIRM",
"url": "https://www.gerritcodereview.com/3.2.html#325"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2020-8919",
"datePublished": "2020-12-10T10:15:22.000Z",
"dateReserved": "2020-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:12:10.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22553 (GCVE-0-2021-22553)
Vulnerability from cvelistv5 – Published: 2021-02-17 12:05 – Updated: 2024-09-16 19:51
VLAI?
Title
Heap Memory exhaustion in Gerrit
Summary
Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above.
Severity ?
6.5 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Google LLC | Gerrit |
Affected:
unspecified , < 2.15.22
(custom)
Affected: unspecified , < 2.16.26 (custom) Affected: unspecified , < 3.0.16 (custom) Affected: unspecified , < 3.1.12 (custom) Affected: unspecified , < 3.2.7 (custom) Affected: unspecified , < 3.3.2 (custom) |
Date Public ?
2021-01-31 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/gerrit/issues/detail?id=13858"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Gerrit",
"vendor": "Google LLC",
"versions": [
{
"lessThan": "2.15.22",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "2.16.26",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "3.0.16",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "3.1.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "3.2.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "3.3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Antoine Musso"
}
],
"datePublic": "2021-01-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-17T12:05:17.000Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/gerrit/issues/detail?id=13858"
}
],
"solutions": [
{
"lang": "en",
"value": "We recommend upgrading Gerrit to any version listed above."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Heap Memory exhaustion in Gerrit",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"DATE_PUBLIC": "2021-01-31T23:00:00.000Z",
"ID": "CVE-2021-22553",
"STATE": "PUBLIC",
"TITLE": "Heap Memory exhaustion in Gerrit"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gerrit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.15.22"
},
{
"version_affected": "\u003c",
"version_value": "2.16.26"
},
{
"version_affected": "\u003c",
"version_value": "3.0.16"
},
{
"version_affected": "\u003c",
"version_value": "3.1.12"
},
{
"version_affected": "\u003c",
"version_value": "3.2.7"
},
{
"version_affected": "\u003c",
"version_value": "3.3.2"
}
]
}
}
]
},
"vendor_name": "Google LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Antoine Musso"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/gerrit/issues/detail?id=13858",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/gerrit/issues/detail?id=13858"
}
]
},
"solution": [
{
"lang": "en",
"value": "We recommend upgrading Gerrit to any version listed above."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2021-22553",
"datePublished": "2021-02-17T12:05:17.410Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:51:15.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8920 (GCVE-0-2020-8920)
Vulnerability from cvelistv5 – Published: 2020-12-10 10:15 – Updated: 2024-08-04 10:12
VLAI?
Title
Overoptimization leads to private information leak in Gerrit
Summary
An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts.
Severity ?
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:10.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gerritcodereview.com/2.15.html#21521"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gerritcodereview.com/2.16.html#21625"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gerritcodereview.com/3.0.html#3014"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gerritcodereview.com/3.1.html#3110"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gerritcodereview.com/3.2.html#325"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gerritcodereview.com/2.14.html#21422"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Gerrit",
"vendor": "Gerrit",
"versions": [
{
"changes": [
{
"at": "2.15.21",
"status": "unaffected"
},
{
"at": "2.16.25",
"status": "unaffected"
},
{
"at": "3.0.15",
"status": "unaffected"
},
{
"at": "3.1.10",
"status": "unaffected"
},
{
"at": "3.2.5",
"status": "unaffected"
}
],
"lessThan": "2.14.22",
"status": "affected",
"version": "stable",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users\u0027 personal information associated with their accounts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-10T10:15:23.000Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gerritcodereview.com/2.15.html#21521"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gerritcodereview.com/2.16.html#21625"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gerritcodereview.com/3.0.html#3014"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gerritcodereview.com/3.1.html#3110"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gerritcodereview.com/3.2.html#325"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gerritcodereview.com/2.14.html#21422"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Overoptimization leads to private information leak in Gerrit",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2020-8920",
"STATE": "PUBLIC",
"TITLE": "Overoptimization leads to private information leak in Gerrit"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gerrit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "stable",
"version_value": "2.14.22"
},
{
"version_affected": "\u003c",
"version_name": "stable",
"version_value": "2.15.21"
},
{
"version_affected": "\u003c",
"version_name": "stable",
"version_value": "2.16.25"
},
{
"version_affected": "\u003c",
"version_name": "stable",
"version_value": "3.0.15"
},
{
"version_affected": "\u003c",
"version_name": "stable",
"version_value": "3.1.10"
},
{
"version_affected": "\u003c",
"version_name": "stable",
"version_value": "3.2.5"
}
]
}
}
]
},
"vendor_name": "Gerrit"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users\u0027 personal information associated with their accounts."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gerritcodereview.com/2.15.html#21521",
"refsource": "CONFIRM",
"url": "https://www.gerritcodereview.com/2.15.html#21521"
},
{
"name": "https://www.gerritcodereview.com/2.16.html#21625",
"refsource": "CONFIRM",
"url": "https://www.gerritcodereview.com/2.16.html#21625"
},
{
"name": "https://www.gerritcodereview.com/3.0.html#3014",
"refsource": "CONFIRM",
"url": "https://www.gerritcodereview.com/3.0.html#3014"
},
{
"name": "https://www.gerritcodereview.com/3.1.html#3110",
"refsource": "CONFIRM",
"url": "https://www.gerritcodereview.com/3.1.html#3110"
},
{
"name": "https://www.gerritcodereview.com/3.2.html#325",
"refsource": "CONFIRM",
"url": "https://www.gerritcodereview.com/3.2.html#325"
},
{
"name": "https://gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33",
"refsource": "CONFIRM",
"url": "https://gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33"
},
{
"name": "https://www.gerritcodereview.com/2.14.html#21422",
"refsource": "CONFIRM",
"url": "https://www.gerritcodereview.com/2.14.html#21422"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2020-8920",
"datePublished": "2020-12-10T10:15:23.000Z",
"dateReserved": "2020-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:12:10.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8919 (GCVE-0-2020-8919)
Vulnerability from cvelistv5 – Published: 2020-12-10 10:15 – Updated: 2024-08-04 10:12
VLAI?
Title
Information leakage in Gerrit
Summary
An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user's personal account data as well as sub-trees with restricted access.
Severity ?
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:10.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gerrit.googlesource.com/gerrit/+/0532fb876cb86bc091a91f78e6f28fff9e39ca65"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gerritcodereview.com/2.15.html#21521"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gerritcodereview.com/2.16.html#21625"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gerritcodereview.com/3.0.html#3014"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gerritcodereview.com/3.1.html#3110"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gerritcodereview.com/3.2.html#325"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Gerrit",
"vendor": "Gerrit",
"versions": [
{
"changes": [
{
"at": "2.16.25",
"status": "unaffected"
},
{
"at": "3.0.15",
"status": "unaffected"
},
{
"at": "3.1.10",
"status": "unaffected"
},
{
"at": "3.2.5",
"status": "unaffected"
}
],
"lessThan": "2.15.21",
"status": "affected",
"version": "stable",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user\u0027s personal account data as well as sub-trees with restricted access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-10T10:15:22.000Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gerrit.googlesource.com/gerrit/+/0532fb876cb86bc091a91f78e6f28fff9e39ca65"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gerritcodereview.com/2.15.html#21521"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gerritcodereview.com/2.16.html#21625"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gerritcodereview.com/3.0.html#3014"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gerritcodereview.com/3.1.html#3110"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gerritcodereview.com/3.2.html#325"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Information leakage in Gerrit",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2020-8919",
"STATE": "PUBLIC",
"TITLE": "Information leakage in Gerrit"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gerrit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "stable",
"version_value": "2.15.21"
},
{
"version_affected": "\u003c",
"version_name": "stable",
"version_value": "2.16.25"
},
{
"version_affected": "\u003c",
"version_name": "stable",
"version_value": "3.0.15"
},
{
"version_affected": "\u003c",
"version_name": "stable",
"version_value": "3.1.10"
},
{
"version_affected": "\u003c",
"version_name": "stable",
"version_value": "3.2.5"
}
]
}
}
]
},
"vendor_name": "Gerrit"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user\u0027s personal account data as well as sub-trees with restricted access."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gerrit.googlesource.com/gerrit/+/0532fb876cb86bc091a91f78e6f28fff9e39ca65",
"refsource": "CONFIRM",
"url": "https://gerrit.googlesource.com/gerrit/+/0532fb876cb86bc091a91f78e6f28fff9e39ca65"
},
{
"name": "https://www.gerritcodereview.com/2.15.html#21521",
"refsource": "CONFIRM",
"url": "https://www.gerritcodereview.com/2.15.html#21521"
},
{
"name": "https://www.gerritcodereview.com/2.16.html#21625",
"refsource": "CONFIRM",
"url": "https://www.gerritcodereview.com/2.16.html#21625"
},
{
"name": "https://www.gerritcodereview.com/3.0.html#3014",
"refsource": "CONFIRM",
"url": "https://www.gerritcodereview.com/3.0.html#3014"
},
{
"name": "https://www.gerritcodereview.com/3.1.html#3110",
"refsource": "CONFIRM",
"url": "https://www.gerritcodereview.com/3.1.html#3110"
},
{
"name": "https://www.gerritcodereview.com/3.2.html#325",
"refsource": "CONFIRM",
"url": "https://www.gerritcodereview.com/3.2.html#325"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2020-8919",
"datePublished": "2020-12-10T10:15:22.000Z",
"dateReserved": "2020-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:12:10.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}