Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tbW1tLWNoamYtam12d84AAmp5
Gitaly Insufficient Session Expiration vulnerability
When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. Affected versions are: >=1.79.0, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
Permalink: https://github.com/advisories/GHSA-mmmm-chjf-jmvwJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tbW1tLWNoamYtam12d84AAmp5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
CVSS Score: 3.2
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
Identifiers: GHSA-mmmm-chjf-jmvw, CVE-2020-13353
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-13353
- https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13353.json
- https://gitlab.com/gitlab-org/gitaly/-/issues/2882
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/gitaly/CVE-2020-13353.yml
- https://github.com/advisories/GHSA-mmmm-chjf-jmvw
Blast Radius: 9.2
Affected Packages
rubygems:gitaly
Dependent packages: 0Dependent repositories: 740
Downloads: 27,364,011 total
Affected Version Ranges: >= 13.5, < 13.5.2, >= 13.4, < 13.4.5, >= 1.79.0, < 13.3.9
Fixed in: 13.5.2, 13.4.5, 13.3.9
All affected versions: 1.79.0, 1.80.0, 1.81.0, 1.82.0, 1.83.0, 1.84.0, 1.85.0, 1.86.0, 1.87.0, 12.10.0
All unaffected versions: 0.0.1, 0.0.2, 0.2.0, 0.2.1, 0.3.0, 0.4.0, 0.5.0, 0.5.1, 0.6.0, 0.7.0, 0.8.0, 0.9.0, 0.11.0, 0.12.1, 0.13.0, 0.14.0, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.19.0, 0.20.0, 0.21.0, 0.22.0, 0.23.0, 0.24.0, 0.25.0, 0.26.0, 0.27.0, 0.28.0, 0.28.1, 0.29.0, 0.30.0, 1.58.0, 1.58.1, 1.59.0, 1.59.1, 1.59.2, 1.60.0, 1.61.0, 1.62.0, 1.63.0, 1.64.0, 1.65.0, 1.66.0, 1.67.0, 1.68.0, 1.69.0, 1.70.0, 1.71.0, 1.72.0, 1.73.0, 1.74.0, 1.75.0, 1.76.0, 1.77.0, 1.77.1, 1.78.0, 13.6.1, 14.8.0, 15.4.0, 15.4.4, 15.5.0, 15.5.2, 16.1.0, 16.1.1, 16.1.2, 16.1.3, 16.1.4, 16.1.5, 16.1.6, 16.2.0, 16.2.1, 16.2.2, 16.2.3, 16.2.4, 16.2.5, 16.2.6, 16.2.7, 16.2.8, 16.2.9, 16.3.0, 16.3.1, 16.3.2, 16.3.3, 16.3.4, 16.3.5, 16.3.6, 16.3.7, 16.4.0, 16.4.1, 16.4.2, 16.4.3, 16.4.4, 16.4.5, 16.5.0, 16.5.1, 16.5.2, 16.5.3, 16.5.4, 16.5.6, 16.5.7, 16.5.8, 16.6.0, 16.6.1, 16.6.2, 16.6.4, 16.6.5, 16.6.6, 16.6.7, 16.7.0, 16.7.2, 16.7.3, 16.7.4, 16.7.5, 16.7.6, 16.7.7, 16.8.0, 16.8.1, 16.8.2, 16.8.3, 16.8.4, 16.8.5, 16.8.6, 16.8.7, 16.9.0, 16.9.1, 16.9.2, 16.9.3, 16.9.4, 16.9.5, 16.10.0, 16.10.1, 16.10.2, 16.10.3, 16.11.0