CVE-2020-8919 Information

Jun 07, 2022 cve

Description

An information leak vulnerability exists in Gerrit versions prior to 2.15.21 2.16.25 3.0.15 3.1.10 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user’s personal account data as well as sub-trees with restricted access.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Reference

https://www.gerritcodereview.com/3.0.html#3014 https://www.gerritcodereview.com/2.16.html#21625 https://www.gerritcodereview.com/3.2.html#325 https://www.gerritcodereview.com/3.1.html#3110 https://gerrit.googlesource.com/gerrit/+/0532fb876cb86bc091a91f78e6f28fff9e39ca65 https://www.gerritcodereview.com/2.15.html#21521

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

3.5

Share on: