2 matches found
GitLab 10.8 < 13.2.10 / 13.3.0 < 13.3.7 / 13.4.0 < 13.4.2 (CVE-2020-13344)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authentica...
CVE-2020-13344
GitLab CVE-2020-13344 affects all versions prior to 13.2.10, 13.3.7 and 13.4.2. The root cause is that session keys are stored in Redis in plaintext, allowing an attacker with Redis access to authenticate as any user who has a session stored in Redis. The provided documents specify affected versi...