Cezar97

**Name of the Vulnerable Software and Affected Versions** Gitea versions prior to 1.5.0 **Description** The issue allows a malicious user to bypass authentication, potentially gaining privileges. Specifically, it enables the reuse of one-time passwords, including the TOTP code for 2FA, which can be submitted correctly more than once. This could be exploited through the API endpoint related to authentication, although the exact endpoint is not specified. **Recommendations** For versions prior to 1.5.0, update to version 1.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the 2FA functionality until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** Gitea versions prior to 1.5.1 **Description** A Cross Site Scripting (XSS) issue exists in the repository settings, specifically inside the external wiki/issue tracker URL field. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents. **Recommendations** For versions prior to 1.5.1, update to version 1.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the external wiki/issue tracker URL field in the repository settings until a patch is applied.