GHSA-g5q2-cxgq-h2rw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-g5q2-cxgq-h2rw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-g5q2-cxgq-h2rw/GHSA-g5q2-cxgq-h2rw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-g5q2-cxgq-h2rw
- Aliases
-
- CVE-2020-8920
- Published
- 2022-05-24T17:35:58Z
- Modified
- 2024-11-30T05:30:30.737579Z
- Summary
- Information leak in Gerrit
- Details
-
An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts.
- Database specific
{ "nvd_published_at": "2020-12-10T11:15:00Z", "cwe_ids": [ "CWE-863" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2024-01-09T21:44:57Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-8920
- https://gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33
- https://issues.gerritcodereview.com/issues/40012986
- https://www.gerritcodereview.com/2.14.html#21422
- https://www.gerritcodereview.com/2.15.html#21521
- https://www.gerritcodereview.com/2.16.html#21625
- https://www.gerritcodereview.com/3.0.html#3015
- https://www.gerritcodereview.com/3.1.html#3110
- https://www.gerritcodereview.com/3.2.html#325
Affected packages
Maven / com.google.gerrit:gerrit-plugin-api
Package
- Name
- com.google.gerrit:gerrit-plugin-api
- View open source insights on deps.dev
- Purl
- pkg:maven/com.google.gerrit/gerrit-plugin-api
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.14.22
Affected versions
2.*
2.9-rc1
2.9-rc2
2.9
2.9.1
2.9.3
2.9.5
2.10-rc1
2.10-rc2
2.10
2.10.1
2.10.2
2.10.3
2.10.3.1
2.10.4
2.10.5
2.10.6
2.10.7
2.10.8
2.11
2.11.1
2.11.2
2.11.3
2.11.4
2.11.5
2.11.6
2.11.7
2.11.8
2.11.9
2.11.10
2.11.11
2.11.12
2.12-rc0
2.12
2.12.1
2.12.2
2.12.3
2.12.4
2.12.5
2.12.6
2.12.7
2.12.8
2.12.9
2.13-rc1
2.13
2.13.1
2.13.2
2.13.3
2.13.4
2.13.5
2.13.6
2.13.7
2.13.8
2.13.9
2.13.10
2.13.11
2.13.12
2.13.13
2.13.14
2.14-rc0
2.14-rc1
2.14
2.14.1
2.14.2
2.14.3
2.14.4
2.14.5
2.14.5.1
2.14.6
2.14.7
2.14.8
2.14.9
2.14.10
2.14.11
2.14.12
2.14.13
2.14.14
2.14.15
2.14.16
2.14.17
2.14.18
2.14.19
2.14.20
2.14.21
Maven / com.google.gerrit:gerrit-plugin-api
Package
- Name
- com.google.gerrit:gerrit-plugin-api
- View open source insights on deps.dev
- Purl
- pkg:maven/com.google.gerrit/gerrit-plugin-api
Maven / com.google.gerrit:gerrit-plugin-api
Package
- Name
- com.google.gerrit:gerrit-plugin-api
- View open source insights on deps.dev
- Purl
- pkg:maven/com.google.gerrit/gerrit-plugin-api
Maven / com.google.gerrit:gerrit-plugin-api
Package
- Name
- com.google.gerrit:gerrit-plugin-api
- View open source insights on deps.dev
- Purl
- pkg:maven/com.google.gerrit/gerrit-plugin-api
Maven / com.google.gerrit:gerrit-plugin-api
Package
- Name
- com.google.gerrit:gerrit-plugin-api
- View open source insights on deps.dev
- Purl
- pkg:maven/com.google.gerrit/gerrit-plugin-api
Maven / com.google.gerrit:gerrit-plugin-api
Package
- Name
- com.google.gerrit:gerrit-plugin-api
- View open source insights on deps.dev
- Purl
- pkg:maven/com.google.gerrit/gerrit-plugin-api