Asi Greenholts

Researcher from Cider Security
#51486 of 53,635
4.3 Total CVSS
Vulnerabilities · 1
PT-2022-27949
4.3
2022-12-07
Jenkins · Jenkins Git Plugin · CVE-2022-46685
**Name of the Vulnerable Software and Affected Versions**

Jenkins Gitea Plugin versions 1.4.4 and earlier

**Description**

The implementation of Gitea personal access tokens in the Jenkins Gitea Plugin did not support credentials masking, potentially exposing them through the build log. Administrators who are unable to update the plugin are advised to use SSH checkout instead.

**Recommendations**

For Jenkins Gitea Plugin versions 1.4.4 and earlier, update to version 1.4.5 or later, which adds support for masking of Gitea personal access tokens. As a temporary workaround for administrators unable to update, consider using SSH checkout instead of Gitea personal access tokens.