Insufficient Session Expiration

CVE-2020-13353

Severity Low
Score 3.2/10

Summary

When importing repos via URL, one-time-use Git credentials were persisted in Gitaly beyond the expected time window. Affected versions are 1.79.0 and later prior to 13.3.9, 13.4.x prior to 13.4.5, and 13.5.x prior to 13.5.2.

  • LOW
  • LOCAL
  • NONE
  • CHANGED
  • NONE
  • HIGH
  • LOW
  • NONE

CWE-613 - Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

Advisory Timeline

  • Published