1. Home
  2. CVE Database
  3. CVE-2020-8920
LOW · 3.5

CVE-2020-8920

An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verificati...

Vulnerability Description

An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts.

CVSS Score

3.5

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
GoogleGerrit>= 2.14.0, < 2.14.22

Related Weaknesses (CWE)

CWE-285

References

FAQ

What is CVE-2020-8920?

CVE-2020-8920 is a vulnerability with a CVSS score of 3.5 (LOW). An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verificati...

How severe is CVE-2020-8920?

CVE-2020-8920 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-8920?

Check the references section above for vendor advisories and patch information. Affected products include: Google Gerrit.