PT-2020-20369 · Google · Gerrit

Published: 2020-12-10 · Updated: 2020-12-16 · CVE-2020-8919

CVSS v3.1: 3.5 (Low)

Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Gerrit versions prior to 2.15.21
Gerrit versions prior to 2.16.25
Gerrit versions prior to 3.0.15
Gerrit versions prior to 3.1.10
Gerrit versions prior to 3.2.5

Description

An information leak issue exists where a missing access check on the "branch REST API" allows an attacker with only the default set of privileges to read all other users' personal account data as well as sub-trees with restricted access.

Recommendations

For versions prior to 2.15.21, update to version 2.15.21 or later.
For versions prior to 2.16.25, update to version 2.16.25 or later.
For versions prior to 3.0.15, update to version 3.0.15 or later.
For versions prior to 3.1.10, update to version 3.1.10 or later.
For versions prior to 3.2.5, update to version 3.2.5 or later.

Fix

Incorrect Authorization

Improper Authorization

Weakness Enumeration

Related Identifiers

CVE-2020-8919

Affected Products

Gerrit