CVE-2022-46685

In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
jenkinsCNA
---
---
CVEADP
---
---
CISA-ADPADP
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
VendorProductVersion
giteagitea
𝑥
< 1.4.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.jenkins.io/security/advisory/2022-12-07/#SECURITY-2661
https://www.jenkins.io/security/advisory/2022-12-07/#SECURITY-2661