CVE-2020-13353 LOW

CVE-2020-13353

Vendor Gitlab
Product Gitaly
Published November 17, 2020
Last update August 4, 2024

CVSS base score

2.5/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above.

Key dates

02Disclosure timeline

November 17, 2020 CVE published
August 4, 2024 Record updated