CVE-2020-8919 - OpenCVE

An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user's personal account data as well as sub-trees with restricted access.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:A/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Gerrit

Configuration 1 [-]

OR	cpe:2.3:a:google:gerrit::::::::
	cpe:2.3:a:google:gerrit::::::::
	cpe:2.3:a:google:gerrit::::::::
	cpe:2.3:a:google:gerrit::::::::
	cpe:2.3:a:google:gerrit::::::::

No data.

References

Link	Providers
https://gerrit.googlesource.com/gerrit/+/0532fb876cb86bc091a91f78e6f28fff9e39ca65
https://www.gerritcodereview.com/2.15.html#21521
https://www.gerritcodereview.com/2.16.html#21625
https://www.gerritcodereview.com/3.0.html#3014
https://www.gerritcodereview.com/3.1.html#3110
https://www.gerritcodereview.com/3.2.html#325

History

No history.

MITRE

Status: PUBLISHED

Assigner: Google

Published: 2020-12-10T10:15:22

Updated: 2024-08-04T10:12:10.971Z

Reserved: 2020-02-12T00:00:00

Link: CVE-2020-8919

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-12-10T11:15:11.450

Modified: 2020-12-16T01:02:50.263

Link: CVE-2020-8919

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Gerrit", "vendor": "Gerrit", "versions": [{"changes": [{"at": "2.16.25", "status": "unaffected"}, {"at": "3.0.15", "status": "unaffected"}, {"at": "3.1.10", "status": "unaffected"}, {"at": "3.2.5", "status": "unaffected"}], "lessThan": "2.15.21", "status": "affected", "version": "stable", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user's personal account data as well as sub-trees with restricted access."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-10T10:15:22", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://gerrit.googlesource.com/gerrit/+/0532fb876cb86bc091a91f78e6f28fff9e39ca65"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.gerritcodereview.com/2.15.html#21521"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.gerritcodereview.com/2.16.html#21625"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.gerritcodereview.com/3.0.html#3014"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.gerritcodereview.com/3.1.html#3110"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.gerritcodereview.com/3.2.html#325"}], "source": {"discovery": "INTERNAL"}, "title": "Information leakage in Gerrit", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2020-8919", "STATE": "PUBLIC", "TITLE": "Information leakage in Gerrit"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Gerrit", "version": {"version_data": [{"version_affected": "<", "version_name": "stable", "version_value": "2.15.21"}, {"version_affected": "<", "version_name": "stable", "version_value": "2.16.25"}, {"version_affected": "<", "version_name": "stable", "version_value": "3.0.15"}, {"version_affected": "<", "version_name": "stable", "version_value": "3.1.10"}, {"version_affected": "<", "version_name": "stable", "version_value": "3.2.5"}]}}]}, "vendor_name": "Gerrit"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user's personal account data as well as sub-trees with restricted access."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-285 Improper Authorization"}]}]}, "references": {"reference_data": [{"name": "https://gerrit.googlesource.com/gerrit/+/0532fb876cb86bc091a91f78e6f28fff9e39ca65", "refsource": "CONFIRM", "url": "https://gerrit.googlesource.com/gerrit/+/0532fb876cb86bc091a91f78e6f28fff9e39ca65"}, {"name": "https://www.gerritcodereview.com/2.15.html#21521", "refsource": "CONFIRM", "url": "https://www.gerritcodereview.com/2.15.html#21521"}, {"name": "https://www.gerritcodereview.com/2.16.html#21625", "refsource": "CONFIRM", "url": "https://www.gerritcodereview.com/2.16.html#21625"}, {"name": "https://www.gerritcodereview.com/3.0.html#3014", "refsource": "CONFIRM", "url": "https://www.gerritcodereview.com/3.0.html#3014"}, {"name": "https://www.gerritcodereview.com/3.1.html#3110", "refsource": "CONFIRM", "url": "https://www.gerritcodereview.com/3.1.html#3110"}, {"name": "https://www.gerritcodereview.com/3.2.html#325", "refsource": "CONFIRM", "url": "https://www.gerritcodereview.com/3.2.html#325"}]}, "source": {"discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:12:10.971Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://gerrit.googlesource.com/gerrit/+/0532fb876cb86bc091a91f78e6f28fff9e39ca65"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.gerritcodereview.com/2.15.html#21521"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.gerritcodereview.com/2.16.html#21625"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.gerritcodereview.com/3.0.html#3014"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.gerritcodereview.com/3.1.html#3110"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.gerritcodereview.com/3.2.html#325"}]}]}, "cveMetadata": {"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2020-8919", "datePublished": "2020-12-10T10:15:22", "dateReserved": "2020-02-12T00:00:00", "dateUpdated": "2024-08-04T10:12:10.971Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:gerrit:*:*:*:*:*:*:*:*", "matchCriteriaId": "85C99CB5-458B-4A7F-AA2D-B247886C7995", "versionEndExcluding": "2.15.21", "versionStartIncluding": "2.15.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:gerrit:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C858DDA-9464-4FEA-A42F-F7D5B83AA2CE", "versionEndExcluding": "2.16.25", "versionStartIncluding": "2.16.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:gerrit:*:*:*:*:*:*:*:*", "matchCriteriaId": "B16ADF17-9AC1-40F6-AB4B-0C0C2BDC5632", "versionEndExcluding": "3.0.15", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:gerrit:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9463501-D097-4BBE-BBC5-78BE8694B4C1", "versionEndExcluding": "3.1.10", "versionStartIncluding": "3.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:gerrit:*:*:*:*:*:*:*:*", "matchCriteriaId": "109C49F0-F690-4990-9E07-F3BBB483DDCA", "versionEndExcluding": "3.2.5", "versionStartIncluding": "3.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user's personal account data as well as sub-trees with restricted access."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de filtraci\u00f3n de informaci\u00f3n en Gerrit versiones anteriores a 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5, donde una falta de comprobaci\u00f3n de acceso en la API REST de la rama permite a un atacante con solo el ajuste predeterminado de privilegios leer todos los datos de la cuenta personal de los dem\u00e1s usuarios, as\u00ed como los sub\u00e1rboles con acceso restringido."}], "id": "CVE-2020-8919", "lastModified": "2020-12-16T01:02:50.263", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cve-coordination@google.com", "type": "Secondary"}]}, "published": "2020-12-10T11:15:11.450", "references": [{"source": "cve-coordination@google.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://gerrit.googlesource.com/gerrit/+/0532fb876cb86bc091a91f78e6f28fff9e39ca65"}, {"source": "cve-coordination@google.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.gerritcodereview.com/2.15.html#21521"}, {"source": "cve-coordination@google.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.gerritcodereview.com/2.16.html#21625"}, {"source": "cve-coordination@google.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.gerritcodereview.com/3.0.html#3014"}, {"source": "cve-coordination@google.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.gerritcodereview.com/3.1.html#3110"}, {"source": "cve-coordination@google.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.gerritcodereview.com/3.2.html#325"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-285"}], "source": "cve-coordination@google.com", "type": "Secondary"}]}