First published: Wed Dec 07 2022
In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log.
Credit: jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gitea Gitea | <1.4.5 | |
The vulnerability ID is CVE-2022-46685.
The severity of CVE-2022-46685 is medium with a CVSS score of 4.3.
The affected software is Gitea Gitea version up to but excluding 1.4.5.
The vulnerability potentially exposes Gitea personal access tokens through the build log.
Upgrading to Jenkins Gitea Plugin version 1.4.5 or later fixes the vulnerability.