CVE-2020-13353

Description

When importing repos via URL, one-time-use Git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above.

Risk Information

Base Score: 3.2 (MODERATE)
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
EPSS Score (Exploitation Probability): 0.037

Associated Vulnerability

Vulnerability                                                                   OS Platform
Vulnerabilities CVE-2020-13353 are fixed in Ruby-gitaly 13.3.9                  Windows
Vulnerabilities CVE-2020-13353 are fixed in Ruby-gitaly 13.4.5                  Windows
Vulnerabilities CVE-2020-13353 are fixed in Ruby-gitaly 13.5.2                  Windows
Vulnerabilities CVE-2020-13353 are fixed in Ruby-gitaly for Linux 13.3.9        Linux
Vulnerabilities CVE-2020-13353 are fixed in Ruby-gitaly for Linux 13.4.5        Linux
Vulnerabilities CVE-2020-13353 are fixed in Ruby-gitaly for Linux 13.5.2        Linux

