Information Leak Vulnerability in Gerrit Versions Prior to 3.2.5

Information Leak Vulnerability in Gerrit Versions Prior to 3.2.5

CVE-2020-8920 · LOW Severity

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts.

Learn more about our User Device Pen Test.