CVE-2020-8920 - OpenCVE

An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:A/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Gerrit

Configuration 1 [-]

OR	cpe:2.3:a:google:gerrit::::::::
	cpe:2.3:a:google:gerrit::::::::
	cpe:2.3:a:google:gerrit::::::::
	cpe:2.3:a:google:gerrit::::::::
	cpe:2.3:a:google:gerrit::::::::
	cpe:2.3:a:google:gerrit::::::::

No data.

References

Link	Providers
https://gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33
https://www.gerritcodereview.com/2.14.html#21422
https://www.gerritcodereview.com/2.15.html#21521
https://www.gerritcodereview.com/2.16.html#21625
https://www.gerritcodereview.com/3.0.html#3014
https://www.gerritcodereview.com/3.1.html#3110
https://www.gerritcodereview.com/3.2.html#325

History

No history.

MITRE

Status: PUBLISHED

Assigner: Google

Published: 2020-12-10T10:15:23

Updated: 2024-08-04T10:12:10.990Z

Reserved: 2020-02-12T00:00:00

Link: CVE-2020-8920

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-12-10T11:15:11.933

Modified: 2021-10-07T17:08:49.593

Link: CVE-2020-8920

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Gerrit", "vendor": "Gerrit", "versions": [{"changes": [{"at": "2.15.21", "status": "unaffected"}, {"at": "2.16.25", "status": "unaffected"}, {"at": "3.0.15", "status": "unaffected"}, {"at": "3.1.10", "status": "unaffected"}, {"at": "3.2.5", "status": "unaffected"}], "lessThan": "2.14.22", "status": "affected", "version": "stable", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-10T10:15:23", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.gerritcodereview.com/2.15.html#21521"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.gerritcodereview.com/2.16.html#21625"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.gerritcodereview.com/3.0.html#3014"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.gerritcodereview.com/3.1.html#3110"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.gerritcodereview.com/3.2.html#325"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.gerritcodereview.com/2.14.html#21422"}], "source": {"discovery": "INTERNAL"}, "title": "Overoptimization leads to private information leak in Gerrit", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2020-8920", "STATE": "PUBLIC", "TITLE": "Overoptimization leads to private information leak in Gerrit"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Gerrit", "version": {"version_data": [{"version_affected": "<", "version_name": "stable", "version_value": "2.14.22"}, {"version_affected": "<", "version_name": "stable", "version_value": "2.15.21"}, {"version_affected": "<", "version_name": "stable", "version_value": "2.16.25"}, {"version_affected": "<", "version_name": "stable", "version_value": "3.0.15"}, {"version_affected": "<", "version_name": "stable", "version_value": "3.1.10"}, {"version_affected": "<", "version_name": "stable", "version_value": "3.2.5"}]}}]}, "vendor_name": "Gerrit"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-285 Improper Authorization"}]}]}, "references": {"reference_data": [{"name": "https://www.gerritcodereview.com/2.15.html#21521", "refsource": "CONFIRM", "url": "https://www.gerritcodereview.com/2.15.html#21521"}, {"name": "https://www.gerritcodereview.com/2.16.html#21625", "refsource": "CONFIRM", "url": "https://www.gerritcodereview.com/2.16.html#21625"}, {"name": "https://www.gerritcodereview.com/3.0.html#3014", "refsource": "CONFIRM", "url": "https://www.gerritcodereview.com/3.0.html#3014"}, {"name": "https://www.gerritcodereview.com/3.1.html#3110", "refsource": "CONFIRM", "url": "https://www.gerritcodereview.com/3.1.html#3110"}, {"name": "https://www.gerritcodereview.com/3.2.html#325", "refsource": "CONFIRM", "url": "https://www.gerritcodereview.com/3.2.html#325"}, {"name": "https://gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33", "refsource": "CONFIRM", "url": "https://gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33"}, {"name": "https://www.gerritcodereview.com/2.14.html#21422", "refsource": "CONFIRM", "url": "https://www.gerritcodereview.com/2.14.html#21422"}]}, "source": {"discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:12:10.990Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.gerritcodereview.com/2.15.html#21521"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.gerritcodereview.com/2.16.html#21625"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.gerritcodereview.com/3.0.html#3014"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.gerritcodereview.com/3.1.html#3110"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.gerritcodereview.com/3.2.html#325"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.gerritcodereview.com/2.14.html#21422"}]}]}, "cveMetadata": {"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2020-8920", "datePublished": "2020-12-10T10:15:23", "dateReserved": "2020-02-12T00:00:00", "dateUpdated": "2024-08-04T10:12:10.990Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:gerrit:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B691AC9-5D19-46ED-B857-EC22AA8DCD0F", "versionEndExcluding": "2.14.22", "versionStartIncluding": "2.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:gerrit:*:*:*:*:*:*:*:*", "matchCriteriaId": "85C99CB5-458B-4A7F-AA2D-B247886C7995", "versionEndExcluding": "2.15.21", "versionStartIncluding": "2.15.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:gerrit:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C858DDA-9464-4FEA-A42F-F7D5B83AA2CE", "versionEndExcluding": "2.16.25", "versionStartIncluding": "2.16.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:gerrit:*:*:*:*:*:*:*:*", "matchCriteriaId": "B16ADF17-9AC1-40F6-AB4B-0C0C2BDC5632", "versionEndExcluding": "3.0.15", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:gerrit:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9463501-D097-4BBE-BBC5-78BE8694B4C1", "versionEndExcluding": "3.1.10", "versionStartIncluding": "3.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:gerrit:*:*:*:*:*:*:*:*", "matchCriteriaId": "109C49F0-F690-4990-9E07-F3BBB483DDCA", "versionEndExcluding": "3.2.5", "versionStartIncluding": "3.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de filtraci\u00f3n de informaci\u00f3n en Gerrit versiones anteriores a 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5, donde una sobre optimizaci\u00f3n con el contenedor FilteredRepository omite una comprobaci\u00f3n de acceso en los repositorios de todos los usuarios, lo que permite a un atacante conseguir acceso de lectura a la informaci\u00f3n personal de todos los usuarios asociada con sus cuentas."}], "id": "CVE-2020-8920", "lastModified": "2021-10-07T17:08:49.593", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cve-coordination@google.com", "type": "Secondary"}]}, "published": "2020-12-10T11:15:11.933", "references": [{"source": "cve-coordination@google.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://gerrit.googlesource.com/gerrit/+/45071d6977932bca5a1427c8abad24710fed2e33"}, {"source": "cve-coordination@google.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.gerritcodereview.com/2.14.html#21422"}, {"source": "cve-coordination@google.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.gerritcodereview.com/2.15.html#21521"}, {"source": "cve-coordination@google.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.gerritcodereview.com/2.16.html#21625"}, {"source": "cve-coordination@google.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.gerritcodereview.com/3.0.html#3014"}, {"source": "cve-coordination@google.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.gerritcodereview.com/3.1.html#3110"}, {"source": "cve-coordination@google.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.gerritcodereview.com/3.2.html#325"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-285"}], "source": "cve-coordination@google.com", "type": "Secondary"}]}