CVE-2020-8919
published 2020-12-10CVE-2020-8919: An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST…
low3.5CVSS 3.1
AVAACLPRLUINSUCLINAN
An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user's personal account data as well as sub-trees with restricted access.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gerrit | gerrit | >= stable < 2.15.21 | 2.15.21 |
| gerrit | >= 2.15.0 < 2.15.21 | 2.15.21 | |
| gerrit | >= 2.16.0 < 2.16.25 | 2.16.25 | |
| gerrit | >= 3.0.0 < 3.0.15 | 3.0.15 | |
| gerrit | >= 3.1.0 < 3.1.10 | 3.1.10 | |
| gerrit | >= 3.2.0 < 3.2.5 | 3.2.5 |