CVE-2020-8920

Description

An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, and 3.2.5, where an over-optimization in the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts.

Risk Information

Base Score: 3.5 (MODERATE)
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score (Exploitation Probability): 0.076

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2020-8920 are fixed in Google-gerrit-plugin-api 2.14.22 | Windows
Vulnerabilities CVE-2020-8920 are fixed in Google-gerrit-plugin-api 2.15.21 | Windows
Vulnerabilities CVE-2020-8920 are fixed in Google-gerrit-plugin-api 2.16.25 | Windows
Vulnerabilities CVE-2020-8920 are fixed in Google-gerrit-plugin-api 3.0.15 | Windows
Vulnerabilities CVE-2020-8920 are fixed in Google-gerrit-plugin-api 3.1.10 | Windows
Vulnerabilities CVE-2020-8920 are fixed in Google-gerrit-plugin-api 3.2.5 | Windows
Vulnerabilities CVE-2020-8920 are fixed in Google-gerrit-plugin-api for Linux 2.14.22 | Linux
Vulnerabilities CVE-2020-8920 are fixed in Google-gerrit-plugin-api for Linux 2.15.21 | Linux
Vulnerabilities CVE-2020-8920 are fixed in Google-gerrit-plugin-api for Linux 2.16.25 | Linux
Vulnerabilities CVE-2020-8920 are fixed in Google-gerrit-plugin-api for Linux 3.0.15 | Linux
Vulnerabilities CVE-2020-8920 are fixed in Google-gerrit-plugin-api for Linux 3.1.10 | Linux
Vulnerabilities CVE-2020-8920 are fixed in Google-gerrit-plugin-api for Linux 3.2.5 | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234