GHSA-mmmm-chjf-jmvw

Source
https://github.com/advisories/GHSA-mmmm-chjf-jmvw
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mmmm-chjf-jmvw/GHSA-mmmm-chjf-jmvw.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-mmmm-chjf-jmvw
Aliases
Published
2022-05-24T17:34:24Z
Modified
2023-11-08T04:02:18.736320Z
Severity
  • 3.2 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
Summary
Gitaly Insufficient Session Expiration vulnerability
Details

When importing repos via URL, one-time-use Git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. Affected versions are: >=1.79.0, <13.3.9; >=13.4, <13.4.5; >=13.5, <13.5.2.

Database specific
{
    "nvd_published_at": "2020-11-17T01:15:00Z",
    "github_reviewed_at": "2023-01-24T18:35:04Z",
    "severity": "LOW",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-613"
    ]
}
References

Affected packages

RubyGems / gitaly

Package

Name
gitaly
Purl
pkg:gem/gitaly

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.79.0
Fixed
13.3.9

Affected versions

1.*

1.79.0
1.80.0
1.81.0
1.82.0
1.83.0
1.84.0
1.85.0
1.86.0
1.87.0

12.*

12.9.0.pre.rc4
12.10.0

13.*

13.0.0.pre.rc1
13.1.0.pre.rc1
13.1.0.pre.rc3
13.1.0.pre.rc4
13.2.0.pre.rc1
13.2.0.pre.rc2
13.3.0.pre.rc1
13.3.0.pre.rc2
13.3.0.pre.rc3
13.3.0.pre.rc4
13.3.0.pre.rc5

RubyGems / gitaly

Package

Name
gitaly
Purl
pkg:gem/gitaly

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13.4
Fixed
13.4.5

RubyGems / gitaly

Package

Name
gitaly
Purl
pkg:gem/gitaly

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13.5
Fixed
13.5.2