Vulnerabilities for Gerrit (...) - CXSECURITY.COM

Vulnerabilities for 'Gerrit'

2021-02-17

CVE-2021-22553

CWE-400

Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above.

2020-12-10

CVE-2020-8920

CWE-863

An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts.

CVE-2020-8919

CWE-863

An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user's personal account data as well as sub-trees with restricted access.

>>> Vendor: Google 95 Products

Mini search appliance

Search appliance

Custom search engine

Google sketchup

App engine python sdk

Cr-48 chromebook

Android sdk tools

Google authenticator

Search appliance software

Android debug bridge

Android sdk platform tools

Android browser

Calendar events

Play services sdk

Google i/o 2017

News and weather

Chromecast firmware

Kubernetes engine

Nexus 7 firmware

Nexus 9 firmware

Cloud messaging notification

Nest cam iq indoor firmware

Closure library

Chrome-launcher

Secret manager provider for secret store csi driver

Exposure notifications verification server

Cloud iot device sdk for embedded c

Exposure notification verification server

Google-protobuf

Protobuf-kotlin

Oauth client library for java

Copyright 2024, cxsecurity.com