In all versions of GitLab, marshalled session keys were being stored in Redis.
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Gitlab | Gitlab | * | 13.7.8 (excluding) |
Gitlab | Gitlab | 13.8.0 (including) | 13.8.5 (excluding) |
Gitlab | Gitlab | 13.9.0 (including) | 13.9.2 (excluding) |