CVE-2020-13353

Summary

When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above.

Affected Software

VendorProductVersion RangeStatus
GitLabGitaly>=1.79.0, <13.3.9affected
GitLabGitaly>=13.4, <13.4.5affected
GitLabGitaly>=13.5, <13.5.2affected

Weaknesses

  • Cleartext storage of sensitive information in Gitaly

ADP Enrichment

CVE Program Container

Additional References

References