CVE-2020-13344

Summary

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in Redis

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=10.8, <13.2.10affected
GitLabGitLab>=13.3.0, <13.3.7affected
GitLabGitLab>=13.4.0, <13.4.2affected

Weaknesses

  • Insecure storage of sensitive information in GitLab

ADP Enrichment

CVE Program Container

Additional References

References