CVE-2020-8920

Sažetak

An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts.

Reference

https://www.gerritcodereview.com/3.0.html#3014
https://www.gerritcodereview.com/2.16.html#21625
https://www.gerritcodereview.com/3.2.html#325
https://www.gerritcodereview.com/3.1.html#3110
https://www.gerritcodereview.com/2.14.html#21422
https://gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33
https://www.gerritcodereview.com/2.15.html#21521

CVSS

Base:	2.7
Impact:	2.9
Exploitability:	5.1

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:A/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

07-10-2021 - 17:08

Objavljeno

10-12-2020 - 11:15