CVE-2022-46685

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-46685
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-46685.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-46685
Aliases
Published
2022-12-12T09:15:13Z
Modified
2025-10-21T07:18:06.286948Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log.

References

Affected packages

Git / github.com/jenkinsci/gitea-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/gitea-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b3b2bd869b91f9f1312bbbbf6128cad2cd86bd8c

Affected versions

1.*

1.4.0--rc182.9eb947470fcf
1.4.1
1.4.2
1.4.3
1.4.4

gitea-1.*

gitea-1.0.0
gitea-1.0.1
gitea-1.0.2
gitea-1.0.3
gitea-1.0.4
gitea-1.0.5
gitea-1.0.6
gitea-1.0.7
gitea-1.0.8
gitea-1.1.0
gitea-1.1.1
gitea-1.1.2
gitea-1.2.0
gitea-1.2.1
gitea-1.3.0

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "179979438285602534127706260912291779771",
                "222442281756346699070942158940518639799",
                "140562445392765526725886768051030009183",
                "159353576604392391957463765281805192151",
                "202682493992333699308777981891624404058",
                "266475411166740443139649934384326385200",
                "172830801844529888746125042406467369526",
                "191226734031363294620595079261301709836",
                "107402332736742228794034365041996065773",
                "315910327068620196031592496065570876143",
                "166280663404474262525395248933415974613"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/jenkinsci/gitea-plugin/commit/b3b2bd869b91f9f1312bbbbf6128cad2cd86bd8c",
        "target": {
            "file": "src/main/java/org/jenkinsci/plugin/gitea/credentials/PersonalAccessTokenImpl.java"
        },
        "id": "CVE-2022-46685-2147a680"
    },
    {
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "72474560186768502575003215344147364313",
                "251438423927507060754658214655504522197",
                "220853349072030490396877233921387382307",
                "119227267564886319945481071877550562762",
                "165306893200538820083087274660525032284",
                "225910070191696114843820932440749415523",
                "223304702450310056054047228063609493811",
                "63986312918782680915652488672625927788",
                "328258896201000808699230627338870288295",
                "318139942641466351495637513705607289421",
                "79910631057692913247208505811919682475",
                "335108612523664430985854823865654858092",
                "269596335353772204525008155468658112352",
                "338869646953482694971212142887349518716",
                "3599642153804076526905801176218251146",
                "13916454470195114105488139138449568667",
                "217115542932559788708702409917888256066",
                "214555767607255851182937664895704211384",
                "10258935471980038627393333647839640684",
                "252152286096984552529214185809761819871",
                "179644848646669930340923093583624445619",
                "221346280669654943375794692091554581314",
                "223300536724210892776866872781601787290",
                "269372113870631786002997082269980524960",
                "28240188202142862413462071814190602122",
                "164814595964084428974350772034475803201",
                "209473152779898445615874579944536218085",
                "17897344123689083747236357021040725906",
                "77031789903757585674638049771764337035",
                "187375135658614148498287285781997943139"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/jenkinsci/gitea-plugin/commit/b3b2bd869b91f9f1312bbbbf6128cad2cd86bd8c",
        "target": {
            "file": "src/main/java/org/jenkinsci/plugin/gitea/GiteaSCMBuilder.java"
        },
        "id": "CVE-2022-46685-8253791b"
    },
    {
        "signature_version": "v1",
        "digest": {
            "function_hash": "1174965823066608444732711567943231579",
            "length": 2205.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/jenkinsci/gitea-plugin/commit/b3b2bd869b91f9f1312bbbbf6128cad2cd86bd8c",
        "target": {
            "function": "checkoutUriTemplate",
            "file": "src/main/java/org/jenkinsci/plugin/gitea/GiteaSCMBuilder.java"
        },
        "id": "CVE-2022-46685-8ee6aa07"
    },
    {
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "216597736296725861330656219838766838827",
                "278479068114525389764990380933298701743",
                "164421837119167151412706882459788239513",
                "272942079265756475915038351943092604308",
                "283937142396895346576135552294733708614"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/jenkinsci/gitea-plugin/commit/b3b2bd869b91f9f1312bbbbf6128cad2cd86bd8c",
        "target": {
            "file": "src/main/java/org/jenkinsci/plugin/gitea/credentials/PersonalAccessToken.java"
        },
        "id": "CVE-2022-46685-d04d9f93"
    }
]