Low severity · NVD Advisory · Published Nov 17, 2020 · Updated Aug 4, 2024
CVE-2020-13353
Description
When importing repos via URL, one-time-use Git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| gitaly (RubyGems) | >= 1.79.0, < 13.3.9 | 13.3.9 |
| gitaly (RubyGems) | >= 13.4, < 13.4.5 | 13.4.5 |
| gitaly (RubyGems) | >= 13.5, < 13.5.2 | 13.5.2 |
Affected products
- Range: >=1.79.0, <13.3.9
References
- github.com/advisories/GHSA-mmmm-chjf-jmvw (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2020-13353 (GHSA, advisory)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/gitaly/CVE-2020-13353.yml (GHSA, web)
- gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13353.json (GHSA, x_refsource_CONFIRM, web)
- gitlab.com/gitlab-org/gitaly/-/issues/2882 (GHSA, x_refsource_MISC, web)