CVE-2022-46685: Cleartext Transmission of Sensitive Information

December 12, 2022

In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens does not support credentials masking, potentially exposing them through the build log.

References

github.com/advisories/GHSA-x3qh-53qf-jxq9
github.com/jenkinsci/gitea-plugin/commit/b3b2bd869b91f9f1312bbbbf6128cad2cd86bd8c
nvd.nist.gov/vuln/detail/CVE-2022-46685
www.jenkins.io/security/advisory/2022-12-07/

Code Behaviors & Features

Detect and mitigate CVE-2022-46685 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →