CVE-2022-46685

MEDIUM 4.3 | EPSS 0.17%

Jenkins Gitea Plugin vulnerable to Cleartext Transmission of Sensitive Information

Published: 12/12/2022 | Modified: 4/3/2025
Also known as: GHSA-x3qh-53qf-jxq9, BIT-gitea-2022-46685

Description

In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log.

Affected packages (2)

CVSS scores

| Source | Version | Severity | Vector |
|--------|---------|----------|--------|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |

References (4)