Vulnerabilities
Vulnerable Software
Google:  >> Gerrit  >> 2.14.11  Security Vulnerabilities
Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" tag of an unapproved change.
CVSS Score
6.0
EPSS Score
0.002
Published
2026-05-13
Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above.
CVSS Score
6.5
EPSS Score
0.004
Published
2021-02-17
An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts.
CVSS Score
3.5
EPSS Score
0.004
Published
2020-12-10


Contact Us

Shodan ® - All rights reserved