
    8 vulnerabilities found for gerrit by google

    CVE-2026-2725 (GCVE-0-2026-2725)

    Vulnerability from nvd – Published: 2026-05-13 05:32 – Updated: 2026-05-13 14:44
    VLAI
    Title
    Improper Authorization in Gerrit allowing Code Review Bypass via "Submitted Together"
    Summary
    Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" tag of an unapproved change.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
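    Gerrit Gerrit Affected: 2.12; 0 (semver) (the version value is not a well-formed semver range; the summary states 2.12 and later, and this record lists no fixed version)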
    Date Public
    2026-02-26 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2725",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T14:43:52.068693Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T14:44:08.541Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://issues.gerritcodereview.com/issues/486131256"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Gerrit",
              "vendor": "Gerrit",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.12; 0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-02-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect authorization in the \"submitted together\" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the \"topic\" tag of an unapproved change."
                }
              ],
              "value": "Incorrect authorization in the \"submitted together\" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the \"topic\" tag of an unapproved change."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            },
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T05:32:49.235Z",
            "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
            "shortName": "Google"
          },
          "references": [
            {
              "url": "https://issues.gerritcodereview.com/issues/486131256"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Authorization in Gerrit allowing Code Review Bypass via \"Submitted Together\"",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "assignerShortName": "Google",
        "cveId": "CVE-2026-2725",
        "datePublished": "2026-05-13T05:32:49.235Z",
        "dateReserved": "2026-02-18T21:50:06.426Z",
        "dateUpdated": "2026-05-13T14:44:08.541Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-22553 (GCVE-0-2021-22553)

    Vulnerability from nvd – Published: 2021-02-17 12:05 – Updated: 2024-09-16 19:51
    VLAI
    Title
    Heap Memory exhaustion in Gerrit
    Summary
    Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the fixed versions listed under Impacted products below.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Google LLC Gerrit Affected: unspecified , < 2.15.22 (custom)
    Affected: unspecified , < 2.16.26 (custom)
    Affected: unspecified , < 3.0.16 (custom)
    Affected: unspecified , < 3.1.12 (custom)
    Affected: unspecified , < 3.2.7 (custom)
    Affected: unspecified , < 3.3.2 (custom)
    Date Public
    2021-01-31 00:00
    Credits
    Antoine Musso

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:44:14.059Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.chromium.org/p/gerrit/issues/detail?id=13858"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gerrit",
              "vendor": "Google LLC",
              "versions": [
                {
                  "lessThan": "2.15.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.16.26",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.0.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.1.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.3.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Antoine Musso"
            }
          ],
          "datePublic": "2021-01-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-17T12:05:17.000Z",
            "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
            "shortName": "Google"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.chromium.org/p/gerrit/issues/detail?id=13858"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "We recommend upgrading Gerrit to any version listed above."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Heap Memory exhaustion in Gerrit",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "DATE_PUBLIC": "2021-01-31T23:00:00.000Z",
              "ID": "CVE-2021-22553",
              "STATE": "PUBLIC",
              "TITLE": "Heap Memory exhaustion in Gerrit"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Gerrit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.15.22"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.16.26"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.0.16"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.1.12"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.2.7"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.3.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Google LLC"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Antoine Musso"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400 Uncontrolled Resource Consumption"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.chromium.org/p/gerrit/issues/detail?id=13858",
                  "refsource": "MISC",
                  "url": "https://bugs.chromium.org/p/gerrit/issues/detail?id=13858"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "We recommend upgrading Gerrit to any version listed above."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "assignerShortName": "Google",
        "cveId": "CVE-2021-22553",
        "datePublished": "2021-02-17T12:05:17.410Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:51:15.662Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8920 (GCVE-0-2020-8920)

    Vulnerability from nvd – Published: 2020-12-10 10:15 – Updated: 2024-08-04 10:12
    VLAI
    Title
    Overoptimization leads to private information leak in Gerrit
    Summary
    An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
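    Gerrit Gerrit Affected: stable , < 2.14.22 (custom) (this row shows only the first bound; per the summary, each release branch is affected below its own fixed version: 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5)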

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:12:10.990Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.gerritcodereview.com/2.15.html#21521"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.gerritcodereview.com/2.16.html#21625"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.gerritcodereview.com/3.0.html#3014"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.gerritcodereview.com/3.1.html#3110"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.gerritcodereview.com/3.2.html#325"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.gerritcodereview.com/2.14.html#21422"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gerrit",
              "vendor": "Gerrit",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2.15.21",
                      "status": "unaffected"
                    },
                    {
                      "at": "2.16.25",
                      "status": "unaffected"
                    },
                    {
                      "at": "3.0.15",
                      "status": "unaffected"
                    },
                    {
                      "at": "3.1.10",
                      "status": "unaffected"
                    },
                    {
                      "at": "3.2.5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2.14.22",
                  "status": "affected",
                  "version": "stable",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users\u0027 personal information associated with their accounts."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-10T10:15:23.000Z",
            "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
            "shortName": "Google"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.gerritcodereview.com/2.15.html#21521"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.gerritcodereview.com/2.16.html#21625"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.gerritcodereview.com/3.0.html#3014"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.gerritcodereview.com/3.1.html#3110"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.gerritcodereview.com/3.2.html#325"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.gerritcodereview.com/2.14.html#21422"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Overoptimization leads to private information leak in Gerrit",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "ID": "CVE-2020-8920",
              "STATE": "PUBLIC",
              "TITLE": "Overoptimization leads to private information leak in Gerrit"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Gerrit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "stable",
                                "version_value": "2.14.22"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "stable",
                                "version_value": "2.15.21"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "stable",
                                "version_value": "2.16.25"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "stable",
                                "version_value": "3.0.15"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "stable",
                                "version_value": "3.1.10"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "stable",
                                "version_value": "3.2.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Gerrit"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users\u0027 personal information associated with their accounts."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285 Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.gerritcodereview.com/2.15.html#21521",
                  "refsource": "CONFIRM",
                  "url": "https://www.gerritcodereview.com/2.15.html#21521"
                },
                {
                  "name": "https://www.gerritcodereview.com/2.16.html#21625",
                  "refsource": "CONFIRM",
                  "url": "https://www.gerritcodereview.com/2.16.html#21625"
                },
                {
                  "name": "https://www.gerritcodereview.com/3.0.html#3014",
                  "refsource": "CONFIRM",
                  "url": "https://www.gerritcodereview.com/3.0.html#3014"
                },
                {
                  "name": "https://www.gerritcodereview.com/3.1.html#3110",
                  "refsource": "CONFIRM",
                  "url": "https://www.gerritcodereview.com/3.1.html#3110"
                },
                {
                  "name": "https://www.gerritcodereview.com/3.2.html#325",
                  "refsource": "CONFIRM",
                  "url": "https://www.gerritcodereview.com/3.2.html#325"
                },
                {
                  "name": "https://gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33",
                  "refsource": "CONFIRM",
                  "url": "https://gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33"
                },
                {
                  "name": "https://www.gerritcodereview.com/2.14.html#21422",
                  "refsource": "CONFIRM",
                  "url": "https://www.gerritcodereview.com/2.14.html#21422"
                }
              ]
            },
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "assignerShortName": "Google",
        "cveId": "CVE-2020-8920",
        "datePublished": "2020-12-10T10:15:23.000Z",
        "dateReserved": "2020-02-12T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:12:10.990Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8919 (GCVE-0-2020-8919)

    Vulnerability from nvd – Published: 2020-12-10 10:15 – Updated: 2024-08-04 10:12
    VLAI
    Title
    Information leakage in Gerrit
    Summary
    An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of privileges to read all other users' personal account data as well as sub-trees with restricted access.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
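    Gerrit Gerrit Affected: stable , < 2.15.21 (custom) (this row shows only the first bound; per the summary, each release branch is affected below its own fixed version: 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5)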

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:12:10.971Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://gerrit.googlesource.com/gerrit/+/0532fb876cb86bc091a91f78e6f28fff9e39ca65"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.gerritcodereview.com/2.15.html#21521"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.gerritcodereview.com/2.16.html#21625"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.gerritcodereview.com/3.0.html#3014"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.gerritcodereview.com/3.1.html#3110"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.gerritcodereview.com/3.2.html#325"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gerrit",
              "vendor": "Gerrit",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2.16.25",
                      "status": "unaffected"
                    },
                    {
                      "at": "3.0.15",
                      "status": "unaffected"
                    },
                    {
                      "at": "3.1.10",
                      "status": "unaffected"
                    },
                    {
                      "at": "3.2.5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2.15.21",
                  "status": "affected",
                  "version": "stable",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user\u0027s personal account data as well as sub-trees with restricted access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-10T10:15:22.000Z",
            "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
            "shortName": "Google"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://gerrit.googlesource.com/gerrit/+/0532fb876cb86bc091a91f78e6f28fff9e39ca65"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.gerritcodereview.com/2.15.html#21521"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.gerritcodereview.com/2.16.html#21625"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.gerritcodereview.com/3.0.html#3014"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.gerritcodereview.com/3.1.html#3110"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.gerritcodereview.com/3.2.html#325"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Information leakage in Gerrit",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "ID": "CVE-2020-8919",
              "STATE": "PUBLIC",
              "TITLE": "Information leakage in Gerrit"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Gerrit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "stable",
                                "version_value": "2.15.21"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "stable",
                                "version_value": "2.16.25"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "stable",
                                "version_value": "3.0.15"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "stable",
                                "version_value": "3.1.10"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "stable",
                                "version_value": "3.2.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Gerrit"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user\u0027s personal account data as well as sub-trees with restricted access."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285 Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gerrit.googlesource.com/gerrit/+/0532fb876cb86bc091a91f78e6f28fff9e39ca65",
                  "refsource": "CONFIRM",
                  "url": "https://gerrit.googlesource.com/gerrit/+/0532fb876cb86bc091a91f78e6f28fff9e39ca65"
                },
                {
                  "name": "https://www.gerritcodereview.com/2.15.html#21521",
                  "refsource": "CONFIRM",
                  "url": "https://www.gerritcodereview.com/2.15.html#21521"
                },
                {
                  "name": "https://www.gerritcodereview.com/2.16.html#21625",
                  "refsource": "CONFIRM",
                  "url": "https://www.gerritcodereview.com/2.16.html#21625"
                },
                {
                  "name": "https://www.gerritcodereview.com/3.0.html#3014",
                  "refsource": "CONFIRM",
                  "url": "https://www.gerritcodereview.com/3.0.html#3014"
                },
                {
                  "name": "https://www.gerritcodereview.com/3.1.html#3110",
                  "refsource": "CONFIRM",
                  "url": "https://www.gerritcodereview.com/3.1.html#3110"
                },
                {
                  "name": "https://www.gerritcodereview.com/3.2.html#325",
                  "refsource": "CONFIRM",
                  "url": "https://www.gerritcodereview.com/3.2.html#325"
                }
              ]
            },
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "assignerShortName": "Google",
        "cveId": "CVE-2020-8919",
        "datePublished": "2020-12-10T10:15:22.000Z",
        "dateReserved": "2020-02-12T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:12:10.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-2725 (GCVE-0-2026-2725)

    Vulnerability from cvelistv5 – Published: 2026-05-13 05:32 – Updated: 2026-05-13 14:44
    Title
    Improper Authorization in Gerrit allowing Code Review Bypass via "Submitted Together"
    Summary
    Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" tag of an unapproved change.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    Gerrit Gerrit Affected: 2.12; 0 (semver)
    Date Public
    2026-02-26 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2725",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T14:43:52.068693Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T14:44:08.541Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://issues.gerritcodereview.com/issues/486131256"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Gerrit",
              "vendor": "Gerrit",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.12; 0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-02-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect authorization in the \"submitted together\" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the \"topic\" tag of an unapproved change."
                }
              ],
              "value": "Incorrect authorization in the \"submitted together\" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the \"topic\" tag of an unapproved change."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            },
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T05:32:49.235Z",
            "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
            "shortName": "Google"
          },
          "references": [
            {
              "url": "https://issues.gerritcodereview.com/issues/486131256"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Authorization in Gerrit allowing Code Review Bypass via \"Submitted Together\"",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "assignerShortName": "Google",
        "cveId": "CVE-2026-2725",
        "datePublished": "2026-05-13T05:32:49.235Z",
        "dateReserved": "2026-02-18T21:50:06.426Z",
        "dateUpdated": "2026-05-13T14:44:08.541Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-22553 (GCVE-0-2021-22553)

    Vulnerability from cvelistv5 – Published: 2021-02-17 12:05 – Updated: 2024-09-16 19:51
    Title
    Heap Memory exhaustion in Gerrit
    Summary
    Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to heap memory exhaustion on Gerrit servers. We recommend upgrading Gerrit to one of the fixed versions given under Impacted products below (2.15.22, 2.16.26, 3.0.16, 3.1.12, 3.2.7 or 3.3.2).
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Google LLC Gerrit Affected: unspecified , < 2.15.22 (custom)
    Affected: unspecified , < 2.16.26 (custom)
    Affected: unspecified , < 3.0.16 (custom)
    Affected: unspecified , < 3.1.12 (custom)
    Affected: unspecified , < 3.2.7 (custom)
    Affected: unspecified , < 3.3.2 (custom)
    Date Public
    2021-01-31 00:00
    Credits
    Antoine Musso

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:44:14.059Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.chromium.org/p/gerrit/issues/detail?id=13858"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gerrit",
              "vendor": "Google LLC",
              "versions": [
                {
                  "lessThan": "2.15.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.16.26",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.0.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.1.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.3.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Antoine Musso"
            }
          ],
          "datePublic": "2021-01-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-17T12:05:17.000Z",
            "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
            "shortName": "Google"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.chromium.org/p/gerrit/issues/detail?id=13858"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "We recommend upgrading Gerrit to any version listed above."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Heap Memory exhaustion in Gerrit",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "DATE_PUBLIC": "2021-01-31T23:00:00.000Z",
              "ID": "CVE-2021-22553",
              "STATE": "PUBLIC",
              "TITLE": "Heap Memory exhaustion in Gerrit"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Gerrit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.15.22"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.16.26"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.0.16"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.1.12"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.2.7"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.3.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Google LLC"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Antoine Musso"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400 Uncontrolled Resource Consumption"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.chromium.org/p/gerrit/issues/detail?id=13858",
                  "refsource": "MISC",
                  "url": "https://bugs.chromium.org/p/gerrit/issues/detail?id=13858"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "We recommend upgrading Gerrit to any version listed above."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "assignerShortName": "Google",
        "cveId": "CVE-2021-22553",
        "datePublished": "2021-02-17T12:05:17.410Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:51:15.662Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8920 (GCVE-0-2020-8920)

    Vulnerability from cvelistv5 – Published: 2020-12-10 10:15 – Updated: 2024-08-04 10:12
    Title
    Overoptimization leads to private information leak in Gerrit
    Summary
    An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Gerrit Gerrit Affected: stable , < 2.14.22 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:12:10.990Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.gerritcodereview.com/2.15.html#21521"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.gerritcodereview.com/2.16.html#21625"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.gerritcodereview.com/3.0.html#3014"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.gerritcodereview.com/3.1.html#3110"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.gerritcodereview.com/3.2.html#325"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.gerritcodereview.com/2.14.html#21422"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gerrit",
              "vendor": "Gerrit",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2.15.21",
                      "status": "unaffected"
                    },
                    {
                      "at": "2.16.25",
                      "status": "unaffected"
                    },
                    {
                      "at": "3.0.15",
                      "status": "unaffected"
                    },
                    {
                      "at": "3.1.10",
                      "status": "unaffected"
                    },
                    {
                      "at": "3.2.5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2.14.22",
                  "status": "affected",
                  "version": "stable",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users\u0027 personal information associated with their accounts."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-10T10:15:23.000Z",
            "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
            "shortName": "Google"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.gerritcodereview.com/2.15.html#21521"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.gerritcodereview.com/2.16.html#21625"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.gerritcodereview.com/3.0.html#3014"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.gerritcodereview.com/3.1.html#3110"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.gerritcodereview.com/3.2.html#325"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.gerritcodereview.com/2.14.html#21422"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Overoptimization leads to private information leak in Gerrit",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "ID": "CVE-2020-8920",
              "STATE": "PUBLIC",
              "TITLE": "Overoptimization leads to private information leak in Gerrit"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Gerrit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "stable",
                                "version_value": "2.14.22"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "stable",
                                "version_value": "2.15.21"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "stable",
                                "version_value": "2.16.25"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "stable",
                                "version_value": "3.0.15"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "stable",
                                "version_value": "3.1.10"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "stable",
                                "version_value": "3.2.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Gerrit"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users\u0027 personal information associated with their accounts."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285 Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.gerritcodereview.com/2.15.html#21521",
                  "refsource": "CONFIRM",
                  "url": "https://www.gerritcodereview.com/2.15.html#21521"
                },
                {
                  "name": "https://www.gerritcodereview.com/2.16.html#21625",
                  "refsource": "CONFIRM",
                  "url": "https://www.gerritcodereview.com/2.16.html#21625"
                },
                {
                  "name": "https://www.gerritcodereview.com/3.0.html#3014",
                  "refsource": "CONFIRM",
                  "url": "https://www.gerritcodereview.com/3.0.html#3014"
                },
                {
                  "name": "https://www.gerritcodereview.com/3.1.html#3110",
                  "refsource": "CONFIRM",
                  "url": "https://www.gerritcodereview.com/3.1.html#3110"
                },
                {
                  "name": "https://www.gerritcodereview.com/3.2.html#325",
                  "refsource": "CONFIRM",
                  "url": "https://www.gerritcodereview.com/3.2.html#325"
                },
                {
                  "name": "https://gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33",
                  "refsource": "CONFIRM",
                  "url": "https://gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33"
                },
                {
                  "name": "https://www.gerritcodereview.com/2.14.html#21422",
                  "refsource": "CONFIRM",
                  "url": "https://www.gerritcodereview.com/2.14.html#21422"
                }
              ]
            },
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "assignerShortName": "Google",
        "cveId": "CVE-2020-8920",
        "datePublished": "2020-12-10T10:15:23.000Z",
        "dateReserved": "2020-02-12T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:12:10.990Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8919 (GCVE-0-2020-8919)

    Vulnerability from cvelistv5 – Published: 2020-12-10 10:15 – Updated: 2024-08-04 10:12
    VLAI
    Title
    Information leakage in Gerrit
    Summary
    An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of privileges to read all other users' personal account data as well as sub-trees with restricted access.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
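    Gerrit Gerrit Affected: stable , < 2.15.21 (custom); the record below marks the later release branches unaffected from 2.16.25, 3.0.15, 3.1.10 and 3.2.5, so a deployment on any of those branches should be checked against its own branch's fixed release rather than against 2.15.21 alone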

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:12:10.971Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://gerrit.googlesource.com/gerrit/+/0532fb876cb86bc091a91f78e6f28fff9e39ca65"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.gerritcodereview.com/2.15.html#21521"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.gerritcodereview.com/2.16.html#21625"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.gerritcodereview.com/3.0.html#3014"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.gerritcodereview.com/3.1.html#3110"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.gerritcodereview.com/3.2.html#325"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gerrit",
              "vendor": "Gerrit",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2.16.25",
                      "status": "unaffected"
                    },
                    {
                      "at": "3.0.15",
                      "status": "unaffected"
                    },
                    {
                      "at": "3.1.10",
                      "status": "unaffected"
                    },
                    {
                      "at": "3.2.5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2.15.21",
                  "status": "affected",
                  "version": "stable",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user\u0027s personal account data as well as sub-trees with restricted access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-10T10:15:22.000Z",
            "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
            "shortName": "Google"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://gerrit.googlesource.com/gerrit/+/0532fb876cb86bc091a91f78e6f28fff9e39ca65"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.gerritcodereview.com/2.15.html#21521"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.gerritcodereview.com/2.16.html#21625"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.gerritcodereview.com/3.0.html#3014"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.gerritcodereview.com/3.1.html#3110"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.gerritcodereview.com/3.2.html#325"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Information leakage in Gerrit",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "ID": "CVE-2020-8919",
              "STATE": "PUBLIC",
              "TITLE": "Information leakage in Gerrit"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Gerrit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "stable",
                                "version_value": "2.15.21"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "stable",
                                "version_value": "2.16.25"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "stable",
                                "version_value": "3.0.15"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "stable",
                                "version_value": "3.1.10"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "stable",
                                "version_value": "3.2.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Gerrit"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user\u0027s personal account data as well as sub-trees with restricted access."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285 Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gerrit.googlesource.com/gerrit/+/0532fb876cb86bc091a91f78e6f28fff9e39ca65",
                  "refsource": "CONFIRM",
                  "url": "https://gerrit.googlesource.com/gerrit/+/0532fb876cb86bc091a91f78e6f28fff9e39ca65"
                },
                {
                  "name": "https://www.gerritcodereview.com/2.15.html#21521",
                  "refsource": "CONFIRM",
                  "url": "https://www.gerritcodereview.com/2.15.html#21521"
                },
                {
                  "name": "https://www.gerritcodereview.com/2.16.html#21625",
                  "refsource": "CONFIRM",
                  "url": "https://www.gerritcodereview.com/2.16.html#21625"
                },
                {
                  "name": "https://www.gerritcodereview.com/3.0.html#3014",
                  "refsource": "CONFIRM",
                  "url": "https://www.gerritcodereview.com/3.0.html#3014"
                },
                {
                  "name": "https://www.gerritcodereview.com/3.1.html#3110",
                  "refsource": "CONFIRM",
                  "url": "https://www.gerritcodereview.com/3.1.html#3110"
                },
                {
                  "name": "https://www.gerritcodereview.com/3.2.html#325",
                  "refsource": "CONFIRM",
                  "url": "https://www.gerritcodereview.com/3.2.html#325"
                }
              ]
            },
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "assignerShortName": "Google",
        "cveId": "CVE-2020-8919",
        "datePublished": "2020-12-10T10:15:22.000Z",
        "dateReserved": "2020-02-12T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:12:10.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }