CVE-2022-46685

In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.jenkins.io/security/advisory/2022-12-07/#SECURITY-2661	Vendor Advisory
https://www.jenkins.io/security/advisory/2022-12-07/#SECURITY-2661	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gitea:gitea:*:*:*:*:*:jenkins:*:*

History

21 Nov 2024, 07:30

Type	Values Removed	Values Added
References	~~() https://www.jenkins.io/security/advisory/2022-12-07/#SECURITY-2661 - Vendor Advisory~~	() https://www.jenkins.io/security/advisory/2022-12-07/#SECURITY-2661 - Vendor Advisory
Summary		(es) Jenkins Gitea Plugin 1.4.4 y versiones anteriores, la implementación de tokens de acceso personal de Gitea no admitía el enmascaramiento de credenciales, lo que podría exponerlas a través del registro de compilación.

Information

Published : 2022-12-12 09:15

Updated : 2025-04-23 15:15

NVD link : CVE-2022-46685

Mitre link : CVE-2022-46685

CVE.ORG link : CVE-2022-46685

JSON object : View

Products Affected

gitea

gitea

CWE

CWE-319

Cleartext Transmission of Sensitive Information

{"id": "CVE-2022-46685", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2022-12-12T09:15:13.083", "references": [{"url": "https://www.jenkins.io/security/advisory/2022-12-07/#SECURITY-2661", "tags": ["Vendor Advisory"], "source": "jenkinsci-cert@googlegroups.com"}, {"url": "https://www.jenkins.io/security/advisory/2022-12-07/#SECURITY-2661", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log."}, {"lang": "es", "value": "Jenkins Gitea Plugin 1.4.4 y versiones anteriores, la implementaci\u00f3n de tokens de acceso personal de Gitea no admit\u00eda el enmascaramiento de credenciales, lo que podr\u00eda exponerlas a trav\u00e9s del registro de compilaci\u00f3n."}], "lastModified": "2025-04-23T15:15:58.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitea:gitea:*:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "63309C5B-C1A2-4460-AA17-5F2CA020C690", "versionEndExcluding": "1.4.5"}], "operator": "OR"}]}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com"}

4.3 /10