CVE-2022-46685

MEDIUM

Jenkins Gitea Plugin <1.4.4 - Info Disclosure

Title source: llm

Description

In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log.

References (1)

Core 1

Core References

Vendor Advisory

https://www.jenkins.io/security/advisory/2022-12-07/#SECURITY-2661

Scores

CVSS v3 4.3

EPSS 0.0017

EPSS Percentile 38.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-319

Status published

Products (2)

gitea/gitea < 1.4.5

org.jenkins-ci.plugins/gitea 0 - 1.4.5Maven

Published Dec 12, 2022

Tracked Since Feb 18, 2026