Insufficient Session Expiration
CVE-2020-13353
Summary
When importing repos via URL, one-time-use Git credentials were persisted in Gitaly beyond the expected time window. Affected versions are those from 1.79.0 prior to 13.3.9, 13.4.x prior to 13.4.5, and 13.5.x prior to 13.5.2.
- LOW
- LOCAL
- NONE
- CHANGED
- NONE
- HIGH
- LOW
- NONE
CWE-613 - Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
Advisory Timeline
- Published