Threat actors are exploiting a vulnerability in Gitea’s reverse-proxy authentication mechanism to access internet-accessible instances by supplying only a valid username.
A critical flaw in Gitea's official Docker image let anyone impersonate an admin with one forged header. Sysdig spotted the ...