Security Advisory

CVE-2020-8920

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-12-10 10:15:23

Last updated 2024-08-04 10:12:10

Assigner Google

State PUBLISHED

Description

An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users personal information associated with their accounts.

← Browse all CVEs View on cve.org ↗