GHSA-x3qh-53qf-jxq9

Source
https://github.com/advisories/GHSA-x3qh-53qf-jxq9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-x3qh-53qf-jxq9/GHSA-x3qh-53qf-jxq9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-x3qh-53qf-jxq9
Aliases
Published
2022-12-12T09:30:35Z
Modified
2023-12-06T01:02:43.491591Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Jenkins Gitea Plugin vulnerable to Cleartext Transmission of Sensitive Information
Details

In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log.

Gitea Plugin 1.4.5 adds support for masking of Gitea personal access tokens.

Administrators unable to update are advised to use SSH checkout instead.

Database specific
{
    "nvd_published_at": "2022-12-12T09:15:00Z",
    "github_reviewed_at": "2022-12-12T22:18:16Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-319"
    ]
}
References

Affected packages

Maven / org.jenkins-ci.plugins:gitea

Package

Name
org.jenkins-ci.plugins:gitea
Purl
pkg:maven/org.jenkins-ci.plugins/gitea

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.4.5

Affected versions

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.1.0
1.1.1
1.1.2
1.2.0
1.2.1
1.3.0
1.4.0--rc182.9eb947470fcf
1.4.1
1.4.2
1.4.3
1.4.4