CVE-2022-46685: Cleartext Transmission of Sensitive Information

December 12, 2022

In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens does not support credentials masking, potentially exposing them through the build log.

References

nvd.nist.gov/vuln/detail/CVE-2022-46685
www.jenkins.io/security/advisory/2022-12-07/

Detect and mitigate CVE-2022-46685 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →