CVE-2020-13353
on gitlab
on gitlab
Published
Severity
CVSS v3:
3.2 LOW
CVSS v2:
2.1 LOW
Description
When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above.
References
Configurations
| CPE23 | Version Start | Version End | Exact Version |
|---|---|---|---|
| cpe:2.3:a:gitlab:gitaly:*:*:*:*:*:*:*:* | 13.5.0 (including) | 13.5.2 | * |
| cpe:2.3:a:gitlab:gitaly:*:*:*:*:*:*:*:* | 13.4.0 (including) | 13.4.5 | * |
| cpe:2.3:a:gitlab:gitaly:*:*:*:*:*:*:*:* | 1.79.0 (including) | 13.3.9 | * |