CVE-2021-45331

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.5.0

Description The issue allows a malicious user to bypass authentication, potentially gaining privileges. Specifically, it enables the reuse of one-time passwords, including the TOTP code for 2FA, which can be submitted correctly more than once. This could be exploited through the API endpoint related to authentication, although the exact endpoint is not specified.

Recommendations For versions prior to 1.5.0, update to version 1.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the 2FA functionality until the update can be applied.