QID 996712
Date Published: 2024-01-16
QID 996712: Java (Maven) Security Update for com.google.gerrit:gerrit-plugin-api (GHSA-g5q2-cxgq-h2rw)
An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Github security advisory GHSA-g5q2-cxgq-h2rw for updates and patch information.
Vendor References
- GHSA-g5q2-cxgq-h2rw -
github.com/advisories/GHSA-g5q2-cxgq-h2rw
CVEs related to QID 996712
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-g5q2-cxgq-h2rw | com.google.gerrit:gerrit-plugin-api |
|