Skip to main content

Gerrit

4 CVEs product

Monthly

CVE-2026-2725 MEDIUM This Month

Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" tag of an unapproved change.

Authentication Bypass Gerrit
NVD VulDB
CVSS 4.0
6.0
EPSS
0.0%
CVE-2021-22553 HIGH This Week

Any git operation is passed through Jetty and a session is created. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gerrit
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-8920 Maven LOW PATCH Monitor

An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity.

Authentication Bypass Gerrit
NVD
CVSS 3.1
3.5
EPSS
0.4%
CVE-2020-8919 LOW PATCH Monitor

An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity.

Authentication Bypass Gerrit
NVD
CVSS 3.1
3.5
EPSS
0.3%
EPSS 0% CVSS 6.0
MEDIUM This Month

Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" tag of an unapproved change.

Authentication Bypass Gerrit
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Any git operation is passed through Jetty and a session is created. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gerrit
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity.

Authentication Bypass Gerrit
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity.

Authentication Bypass Gerrit
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy