CVE-2020-13353: Insufficient Session Expiration

November 17, 2020 (updated November 28, 2020)

When importing repos via URL, one-time-use git credentials were persisted beyond the expected time window in Gitaly

References

gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13353.json
nvd.nist.gov/vuln/detail/CVE-2020-13353

Detect and mitigate CVE-2020-13353 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →