Google

Gerrit

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.12%
  • Veröffentlicht 13.05.2026 05:32:49
  • Zuletzt bearbeitet 30.06.2026 19:02:46

Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches v...

  • EPSS 0.36%
  • Veröffentlicht 17.02.2021 12:15:12
  • Zuletzt bearbeitet 21.11.2024 05:50:19

Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We ...

  • EPSS 0.32%
  • Veröffentlicht 10.12.2020 11:15:11
  • Zuletzt bearbeitet 21.11.2024 05:39:41

An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user's pers...

  • EPSS 0.37%
  • Veröffentlicht 10.12.2020 11:15:11
  • Zuletzt bearbeitet 21.11.2024 05:39:41

An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing a...