What is CVE-2020-8919?

CVE-2020-8919 is a low-severity vulnerability in Gerrit, classified under Improper Authorization. CVSS score: 3.5/10. Published 2020-12-10.

How severe is CVE-2020-8919?

Low severity. CVSS v3 base score is 3.5 out of 10.

Auth bypass in Gerrit

CVE-2020-8919

An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other…

EPSS: 0.001 (22.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Gerrit — versions stable

Weakness classification (CWE)

CWE-285 — Improper Authorization

References

gerrit.googlesource.com/gerrit/+/0532fb876cb86bc091a91f78e6f28fff9e39ca65 (x_refsource_CONFIRM)
www.gerritcodereview.com/2.15.html (x_refsource_CONFIRM)
www.gerritcodereview.com/2.16.html (x_refsource_CONFIRM)
www.gerritcodereview.com/3.0.html (x_refsource_CONFIRM)
www.gerritcodereview.com/3.1.html (x_refsource_CONFIRM)
www.gerritcodereview.com/3.2.html (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-8919?: CVE-2020-8919 is a low-severity vulnerability in Gerrit, classified under Improper Authorization. CVSS score: 3.5/10. Published 2020-12-10.
How severe is CVE-2020-8919?: Low severity. CVSS v3 base score is 3.5 out of 10.