GHSA-mmmm-chjf-jmvw

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mmmm-chjf-jmvw/GHSA-mmmm-chjf-jmvw.json
Aliases
  • CVE-2020-13353
Published
2022-05-24T17:34:24Z
Modified
2023-01-31T02:25:47.835060Z
Details

When importing repos via URL, one-time-use Git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. Affected versions are: >=1.79.0, <13.3.9; >=13.4, <13.4.5; >=13.5, <13.5.2.

Affected packages

RubyGems / gitaly

gitaly

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.79.0
Fixed
13.3.9

Affected versions

1.*

1.79.0
1.80.0
1.81.0
1.82.0
1.83.0
1.84.0
1.85.0
1.86.0
1.87.0

12.*

12.10.0
12.9.0.pre.rc4

13.*

13.0.0.pre.rc1
13.1.0.pre.rc1
13.1.0.pre.rc3
13.1.0.pre.rc4
13.2.0.pre.rc1
13.2.0.pre.rc2
13.3.0.pre.rc1
13.3.0.pre.rc2
13.3.0.pre.rc3
13.3.0.pre.rc4
13.3.0.pre.rc5

RubyGems / gitaly

gitaly

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13.4
Fixed
13.4.5

Affected versions

RubyGems / gitaly

gitaly

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13.5
Fixed
13.5.2

Affected versions