← back
CVE-2022-46685

CVE-2022-46685

CVSS 4.3 MEDIUMEPSS 0.3%CWE-319
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
07 Dec 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
Jenkins Project · Jenkins Gitea Plugin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.jenkins.io/security/advisory/2022-12-07/#SECURITY-2661