{"id":"CVE-2020-13353","details":"When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above.","aliases":["GHSA-mmmm-chjf-jmvw"],"modified":"2026-05-18T14:50:26.677723Z","published":"2020-11-17T01:15:13.310Z","references":[{"type":"ADVISORY","url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13353.json"},{"type":"REPORT","url":"https://gitlab.com/gitlab-org/gitaly/-/issues/2882"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/gitlab-org/gitaly","events":[{"introduced":"afdd436d7eddd97854489151f1bd1e287908b371"},{"fixed":"61ec16219b9a4ca2a81e890a5121e2cfae26a517"},{"introduced":"cf359cb573106371a6026bd85c3145caabf8c06b"},{"fixed":"5aa66849a9922702b80914f3a95be5336f8bbfde"},{"introduced":"2ab91ba999dc8cea4357d077a802c65a226ecf77"},{"fixed":"dea703276dd1981b22515d8ba2837efc64f9410d"}],"database_specific":{"extracted_events":[{"introduced":"1.79.0"},{"fixed":"13.3.9"},{"introduced":"13.4.0"},{"fixed":"13.4.5"},{"introduced":"13.5.0"},{"fixed":"13.5.2"}],"cpe":"cpe:2.3:a:gitlab:gitaly:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["v13.5.1","v13.3.8","v13.4.4","v13.5.0","v13.4.3","v13.3.6","v13.4.1","v13.4.0","v13.3.5","v13.3.2","v13.3.1","v13.3.0","v13.3.0-rc5","v13.3.0-rc4","v13.3.0-rc3","v13.3.0-rc2","v13.3.0-rc1","v13.2.0-rc1","v13.2.0-rc2","v13.1.0-rc4","v13.1.0-rc3","v13.1.0-rc2","v13.1.0-rc1","v13.0.0-rc2","v13.0.0-rc1","v12.10.0-rc1","v12.9.0-rc3","v12.9.0-rc4","v12.9.0-rc2","v1.83.0","v12.9.0-rc1","v1.87.0","v1.86.0","v1.85.0","v1.84.0","v1.81.0","v1.82.0","v1.80.0","v1.79.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13353.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N"}]}