CVE-2022-46685 Vulnerability in maven package org.jenkins-ci.plugins:gitea

Description

In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log.

Remediation

References

https://www.jenkins.io/security/advisory/2022-12-07/#SECURITY-2661

Related Vulnerabilities

CVE-2021-36162 Vulnerability in maven package org.apache.dubbo:dubbo-cluster

CVE-2011-3376 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2023-24455 Vulnerability in maven package io.jenkins.plugins:visualexpert

CVE-2023-30542 Vulnerability in npm package @openzeppelin/contracts

CVE-2019-25027 Vulnerability in maven package com.vaadin:flow-server

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N