[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":4,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":11,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":17,"vulnerability-28696":24},[],["Island",5],{"key":6,"params":7,"result":9},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":8},"{}",{"head":10},{},["Island",12],{"key":13,"params":14,"result":15},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":8},{"head":16},{},["Island",18],{"key":19,"params":20,"result":22},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":21},"{\"text-color\":\"gray\"}",{"head":23},{},{"id":25,"detectable_with":26,"vuln_details":33,"vuln_id":43,"name":44,"published":45,"updated":34},28696,{"tool":27,"engine":30},{"id":28,"name":29},1,"Network Scanner",{"id":31,"name":32},2,"Nuclei",{"id":25,"codename":34,"description":34,"severity":35,"risk_description":36,"public_description":37,"public_recommendation":38,"recommendation":34,"references":39,"cvssv3":34,"epss_score":34,"epss_percentile":34,"cve":34,"in_cisa_catalog":42,"date":34,"software_type":34,"vendor":34,"product":34,"ptt_exploit_capabilities":34},null,"medium","The risk exists that the data is unknowingly exposed to the internet, making it accessible to remote threat actors that can leverage it to attack the target, or the entire company, depending on the sensitivity of the data.","Gerrit Code Review exposes the /accounts/ REST API endpoint which can be used to enumerate user accounts.The endpoint allows querying for accounts by username, email, or name, potentially revealing sensitive user information including account IDs, names, emails, and usernames without authentication.","We suggest restricting access to the exposed resource.",[40,41],"https://gerrit-review.googlesource.com/Documentation/rest-api-accounts.html","https://gerrit-documentation.storage.googleapis.com/Documentation/2.11/rest-api-accounts.html",false,"NETSCAN-NUCLEI-EXPOSURES-GERRIT-ACCOUNT-ENUM","Gerrit Code Review - Account Enumeration","2026-01-23T00:00:00Z"]