CVE-2020-8920 is a vulnerability in Google Gerrit
Published on December 10, 2020
Overoptimization leads to private information leak in Gerrit
An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts.
Vulnerability Analysis
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CVE-2020-8920 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2020-8920
Want to know whenever a new CVE is published for Google Gerrit? stack.watch will email you.
Affected Versions
Gerrit:- Version stable and below 2.14.22 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.