CVE-2020-13353 – gitaly
Package
Manager: gem
Name: gitaly
Vulnerable Version: >=1.79.0 <13.3.9 || >=13.4 <13.4.5 || >=13.5 <13.5.2
Severity
Level: Low
CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
EPSS: 0.00081 (percentile: 0.24569)
Details
Gitaly Insufficient Session Expiration vulnerability. When importing repos via URL, one-time-use Git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. Affected versions are: >=1.79.0, <13.3.9; >=13.4, <13.4.5; >=13.5, <13.5.2.
Metadata
Created: 2022-05-24T17:34:24Z
Modified: 2023-01-24T18:35:04Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mmmm-chjf-jmvw/GHSA-mmmm-chjf-jmvw.json
CWE IDs: ["CWE-613"]
Alternative ID: GHSA-mmmm-chjf-jmvw
Finding: F068
Auto approve: 1