CVE-2026-2725 - CERT CVE
ID CVE-2026-2725
Sažetak Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" tag of an unapproved change.
Reference
CVSS
Base: 5.3
Impact: 3.6
Exploitability:1.6
Pristup
VektorSloženostAutentikacija
NETWORK HIGH LOW
Impact
PovjerljivostCjelovitostDostupnost
NONE HIGH NONE
CVSS vektor CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Zadnje važnije ažuriranje 30-06-2026 - 19:02
Objavljeno 13-05-2026 - 06:16