Vulnerabilities > CVE-2020-8920 - Unspecified vulnerability in Google Gerrit

CVSS 2.7 - LOW

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

low complexity

google

NVD

Published: 2020-12-10

Updated: 2021-10-07

Summary

An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts.

Vulnerable Configurations

Part	Description	Count
Application	Google Google Gerrit 2.14.1 Google Gerrit 2.14.2 Google Gerrit 2.14.3 Google Gerrit 2.14.4 Google Gerrit 2.14.5.1 Google Gerrit 2.14.6 Google Gerrit 2.14.7 Google Gerrit 2.14.8 Google Gerrit 2.14.9 Google Gerrit 2.14.10 Google Gerrit 2.14.11 Google Gerrit 2.14.12 Google Gerrit 2.14.13 Google Gerrit 2.14.14 Google Gerrit 2.14.15 Google Gerrit 2.14.16 Google Gerrit 2.14.17 Google Gerrit 2.14.18 Google Gerrit 2.14.19 Google Gerrit 2.14.20 Google Gerrit 2.14.21 Google Gerrit 2.15.1 Google Gerrit 2.15.2 Google Gerrit 2.15.3 Google Gerrit 2.15.4 Google Gerrit 2.15.5 Google Gerrit 2.15.6 Google Gerrit 2.15.7 Google Gerrit 2.15.8 Google Gerrit 2.15.9 Google Gerrit 2.15.10 Google Gerrit 2.15.11 Google Gerrit 2.15.12 Google Gerrit 2.15.13 Google Gerrit 2.15.14 Google Gerrit 2.15.15 Google Gerrit 2.15.16 Google Gerrit 2.15.17 Google Gerrit 2.15.18 Google Gerrit 2.15.19 Google Gerrit 2.15.20 Google Gerrit 2.16.1 Google Gerrit 2.16.2 Google Gerrit 2.16.3 Google Gerrit 2.16.4 Google Gerrit 2.16.5 Google Gerrit 2.16.6 Google Gerrit 2.16.7 Google Gerrit 2.16.8 Google Gerrit 2.16.9 Google Gerrit 2.16.10 Google Gerrit 2.16.11.1 Google Gerrit 2.16.12 Google Gerrit 2.16.13 Google Gerrit 2.16.14 Google Gerrit 2.16.15 Google Gerrit 2.16.16 Google Gerrit 2.16.17 Google Gerrit 2.16.18 Google Gerrit 2.16.19 Google Gerrit 2.16.20 Google Gerrit 2.16.21 Google Gerrit 2.16.22 Google Gerrit 2.16.23 Google Gerrit 2.16.24 Google Gerrit 3.0.0 Google Gerrit 3.0.1 Google Gerrit 3.0.2 Google Gerrit 3.0.3 Google Gerrit 3.0.4 Google Gerrit 3.0.5 Google Gerrit 3.0.6 Google Gerrit 3.0.7 Google Gerrit 3.0.8 Google Gerrit 3.0.9 Google Gerrit 3.0.10 Google Gerrit 3.0.11 Google Gerrit 3.0.12 Google Gerrit 3.0.13 Google Gerrit 3.0.14 Google Gerrit 3.1.0 Google Gerrit 3.1.1 Google Gerrit 3.1.2 Google Gerrit 3.1.3 Google Gerrit 3.1.4 Google Gerrit 3.1.5 Google Gerrit 3.1.6 Google Gerrit 3.1.7 Google Gerrit 3.1.8 Google Gerrit 3.1.9 Google Gerrit 3.2.0 Google Gerrit 3.2.1 Google Gerrit 3.2.2 Google Gerrit 3.2.3 Google Gerrit 3.2.4	95

Summary

Vulnerable Configurations

References