
Gitea < 1.8.0 2FA Bypass Vulnerability CVE-2019-11576

Severity
CVSSv3 Score: 9.8
Vulnerability description

Gitea is prone to a two-factor authentication bypass vulnerability.

Risk description

Gitea allows 1FA (One-Factor Authentication) for user accounts that have completed 2FA (Two-Factor Authentication) enrollment. If a user's credentials are known, an attacker could send them to the API without being required to supply the 2FA one-time password.

Recommendation

Update to version 1.8.0 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Apr 28, 2019
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available