4 matches found
CVE-2019-11576
Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user's credentials are known, then an attacker could send them to the API without requiring the 2FA one-time password...
CVE-2019-11576
Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user's credentials are known, then an attacker could send them to the API without requiring the 2FA one-time password...
UBUNTU-CVE-2019-11576
Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user's credentials are known, then an attacker could send them to the API without requiring the 2FA one-time password...
CVE-2019-11576
Gitea before 1.8.0 is affected by CVE-2019-11576, where accounts that have completed 2FA enrollment can be subjected to a 1FA bypass if the attacker has the user’s credentials, allowing API access without the one-time password. The vulnerability is rooted in 2FA bypass for accounts with active 2F...