Gitaly Insufficient Session Expiration vulnerability
Low severity
GitHub Reviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Mar 6, 2023
Package
Affected versions
>= 1.79.0, < 13.3.9
>= 13.4, < 13.4.5
>= 13.5, < 13.5.2
Patched versions
13.3.9
13.4.5
13.5.2
Description
Published by the National Vulnerability Database
Nov 17, 2020
Published to the GitHub Advisory Database
May 24, 2022
Reviewed
Jan 24, 2023
Last updated
Mar 6, 2023
When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. Affected versions are: >=1.79.0, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
References