Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user's credentials are known, then an attacker could send them to the API without requiring the 2FA one-time password.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published: 2019-04-28T01:40:48
Updated: 2024-08-04T22:55:40.951Z
Reserved: 2019-04-27T00:00:00
Link: CVE-2019-11576

No data.

Status : Modified
Published: 2019-04-28T02:29:00.250
Modified: 2024-11-21T04:21:22.233
Link: CVE-2019-11576

No data.