CVE-2025-1568

Опубликовано: 16 апр. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config.

Ссылки

https://issues.chromium.org/issues/b/374279912
Broken Link
https://issuetracker.google.com/issues/374279912
Issue Tracking
Mailing List

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:chrome_os:16063.87.0:*:*:*:*:*:*:*

EPSS

Процентиль: 52%

0.00287

Низкий

8.8 High

CVSS3

Дефекты

CWE-284

Связанные уязвимости

GHSA-h4fr-qhv5-6jfq

CVSS3: 9.8

github

10 месяцев назад

Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 131.0.6778.268 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config.

BDU:2025-05276