VYPR

Maven package

com.google.gerrit/gerrit-plugin-api

pkg:maven/com.google.gerrit/gerrit-plugin-api

Vulnerabilities (1)

  • CVE-2020-8920Dec 10, 2020
    affected < 2.14.22fixed 2.14.22

    An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access