PT-2022-27949 · Jenkins · Jenkins Git Plugin
Asi Greenholts · Published 2022-12-07 · Updated 2024-03-06 · CVE-2022-46685
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Gitea Plugin versions 1.4.4 and earlier
Description
The implementation of Gitea personal access tokens in the Jenkins Gitea Plugin did not support credentials masking, potentially exposing them through the build log. Administrators who are unable to update the plugin are advised to use SSH checkout instead.
Recommendations
For Jenkins Gitea Plugin versions 1.4.4 and earlier, update to version 1.4.5 or later, which adds support for masking of Gitea personal access tokens.
As a temporary workaround for administrators unable to update, consider using SSH checkout instead of Gitea personal access tokens.
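Added example, not part of the original advisory or the plugin's code: a scanner for archived build logs that flags and masks token-shaped credentials, so builds run on affected versions can be checked and the tokens rotated. It assumes Gitea personal access tokens are 40-character hex strings and that they appear either as URL userinfo or in Gitea API authentication fields; the advisory does not say where in the log the token shows up, and the sample log is constructed.

```python
import re

# Assumption: a Gitea personal access token is a 40-character hex string,
# the same shape as a git commit SHA-1, so context decides what is a token.
HEX40 = r"[0-9a-f]{40}"
PATTERNS = {
    # https://<token>@host/... or https://user:<token>@host/...
    "url-userinfo": re.compile(rf"https?://(?:[^\s/:@]+:)?({HEX40})@", re.I),
    # Gitea API auth: "Authorization: token <t>", ?access_token=<t>, ?token=<t>
    "header-or-param": re.compile(
        rf"(?:Authorization:\s*token\s+|[?&](?:access_token|token)=)({HEX40})", re.I),
}

def mask(token):
    """Keep four characters for correlation, hide the rest."""
    return token[:4] + "*" * (len(token) - 4)

def scan_log(text):
    """Return (line number, kind, masked token) for each token-shaped credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append((lineno, kind, mask(m.group(1))))
    return findings

def redact_log(text):
    """Return the log with every matched token masked, e.g. before sharing it."""
    for pattern in PATTERNS.values():
        text = pattern.sub(
            lambda m: m.group(0).replace(m.group(1), mask(m.group(1))), text)
    return text

# Constructed sample log; host, tokens and revision are made up.
SAMPLE_LOG = """\
Started by user admin
 > git fetch --tags --force -- https://0123456789abcdef0123456789abcdef01234567@gitea.example.test/org/repo.git
Checking out Revision 89abcdef0123456789abcdef0123456789abcdef (origin/main)
 > curl -H "Authorization: token fedcba9876543210fedcba9876543210fedcba98" https://gitea.example.test/api/v1/user
Finished: SUCCESS
"""

if __name__ == "__main__":
    for lineno, kind, masked in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {kind}: {masked}")
```

The commit revision on line 3 of the sample is deliberately not reported: a bare 40-hex string without credential context is treated as a git SHA, which keeps the output usable on real build logs.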
Fix
Cleartext Transmission of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins Git Plugin