Cpe Name:
cpe:2.3:a:google:gerrit:*:*:*:*:*:*:*:*
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2021-22553 |
400 |
|
|
2021-02-17 |
2021-02-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above. |
|
2 |
CVE-2020-8920 |
|
|
+Info |
2020-12-10 |
2021-10-07 |
2.7 |
None |
Local Network |
Low |
??? |
Partial |
None |
None |
|
An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts. |
|
3 |
CVE-2020-8919 |
863 |
|
+Info |
2020-12-10 |
2020-12-16 |
2.7 |
None |
Local Network |
Low |
??? |
Partial |
None |
None |
|
An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user's personal account data as well as sub-trees with restricted access. |
Total number of vulnerabilities :
3
Page :
1
(This Page)
