Exposure of Gitea Personal Access Tokens in Jenkins Gitea Plugin 1.4.4 and Earlier

CVE-2022-46685 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log.
