Skip to main content
Enterprise Agile Planning icon with arrows

This post is from the CollabNet VersionOne blog and has not been updated since the original publish date.

Last Updated Jun 26, 2013 — Enterprise Agile Planning expert

Security fix for Gerrit – Please update your TeamForge Git Integration if you use branch based permissions

Enterprise Agile Planning

This week, we learned about a security problem in core Gerrit related to read related branch based permissions. The original issue can be found here.

If you do not use branch based read permission on your Gerrit server, you are not affected at all. The default repo categories configured with TeamForge do not use those, so as long you do not have any repositories using the custom repository category, there is no issue at all. If you are using the custom repository category and have configured read branch based permisisons, it is possible under certain conditions ( iff the atacker knows a SHA-1 of a commit that is normally not available to him) to get access to protected commits with a modified git client. This access is only possible for users who have at least access to some branch of this repository, so in the worst case, to TF project members you should only have partial read access (in no case to the outside world or non project members).

In order to fix this issue, you would have to upgrade our Gerrit integration to the newest version 7.1.2:
yum update ctf-git-integration

For further questions, please contact your CollabNet contact or comment on this blog post.

Best, Johannes

More from the Blog

View more
Digital.ai Government Cloud
Apr 12, 2022

Digital.ai Government Cloud receives FedRAMP Authorization through sponsorship from the United States Department of Veterans Affairs

Enterprise Agile Planning
Flagship Digital.ai Agility solutions can effectively scale agile deve ...
Read More
Nov 22, 2021

What are the qualities of highly effective agile teams?

Enterprise Agile Planning
A team is the core unit of productivity in an agile organization. Wher ...
Read More
Nov 15, 2021

How an open-first attitude revolutionized government tech development

Enterprise Agile Planning
Public perception of government is often that it is slow-moving, reluc ...
Read More
cross functional
Nov 08, 2021

6 best practices for building resilient cross-functional teams

Enterprise Agile Planning
Agile frameworks prize the quality of resilience within every facet of ...
Read More
Contact Us