Security Advisory

CVE-2020-13344

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-10-08 13:43:02

Last updated 2024-08-04 12:18:17

Assigner GitLab

State PUBLISHED

Description

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in Redis

← Browse all CVEs View on cve.org ↗