{"id":"CVE-2022-46685","details":"In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log.","aliases":["BIT-gitea-2022-46685","GHSA-x3qh-53qf-jxq9"],"modified":"2026-04-11T23:22:35.970813Z","published":"2022-12-12T09:15:13.083Z","references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2022-12-07/#SECURITY-2661"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/gitea-plugin","events":[{"introduced":"0"},{"fixed":"b3b2bd869b91f9f1312bbbbf6128cad2cd86bd8c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.4.5"}]}}],"versions":["1.4.0--rc182.9eb947470fcf","1.4.1","1.4.2","1.4.3","1.4.4","gitea-1.0.0","gitea-1.0.1","gitea-1.0.2","gitea-1.0.3","gitea-1.0.4","gitea-1.0.5","gitea-1.0.6","gitea-1.0.7","gitea-1.0.8","gitea-1.1.0","gitea-1.1.1","gitea-1.1.2","gitea-1.2.0","gitea-1.2.1","gitea-1.3.0"],"database_specific":{"vanir_signatures":[{"id":"CVE-2022-46685-2147a680","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["179979438285602534127706260912291779771","222442281756346699070942158940518639799","140562445392765526725886768051030009183","159353576604392391957463765281805192151","202682493992333699308777981891624404058","266475411166740443139649934384326385200","172830801844529888746125042406467369526","191226734031363294620595079261301709836","107402332736742228794034365041996065773","315910327068620196031592496065570876143","166280663404474262525395248933415974613"]},"target":{"file":"src/main/java/org/jenkinsci/plugin/gitea/credentials/PersonalAccessTokenImpl.java"},"signature_type":"Line","source":"https://github.com/jenkinsci/gitea-plugin/commit/b3b2bd869b91f9f1312bbbbf6128cad2cd86bd8c"},{"id":"CVE-2022-46685-8253791b","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["72474560186768502575003215344147364313","251438423927507060754658214655504522197","220853349072030490396877233921387382307","119227267564886319945481071877550562762","165306893200538820083087274660525032284","225910070191696114843820932440749415523","223304702450310056054047228063609493811","63986312918782680915652488672625927788","328258896201000808699230627338870288295","318139942641466351495637513705607289421","79910631057692913247208505811919682475","335108612523664430985854823865654858092","269596335353772204525008155468658112352","338869646953482694971212142887349518716","3599642153804076526905801176218251146","13916454470195114105488139138449568667","217115542932559788708702409917888256066","214555767607255851182937664895704211384","10258935471980038627393333647839640684","252152286096984552529214185809761819871","179644848646669930340923093583624445619","221346280669654943375794692091554581314","223300536724210892776866872781601787290","269372113870631786002997082269980524960","28240188202142862413462071814190602122","164814595964084428974350772034475803201","209473152779898445615874579944536218085","17897344123689083747236357021040725906","77031789903757585674638049771764337035","187375135658614148498287285781997943139"]},"target":{"file":"src/main/java/org/jenkinsci/plugin/gitea/GiteaSCMBuilder.java"},"signature_type":"Line","source":"https://github.com/jenkinsci/gitea-plugin/commit/b3b2bd869b91f9f1312bbbbf6128cad2cd86bd8c"},{"id":"CVE-2022-46685-8ee6aa07","signature_version":"v1","deprecated":false,"digest":{"function_hash":"1174965823066608444732711567943231579","length":2205},"target":{"function":"checkoutUriTemplate","file":"src/main/java/org/jenkinsci/plugin/gitea/GiteaSCMBuilder.java"},"signature_type":"Function","source":"https://github.com/jenkinsci/gitea-plugin/commit/b3b2bd869b91f9f1312bbbbf6128cad2cd86bd8c"},{"id":"CVE-2022-46685-d04d9f93","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["216597736296725861330656219838766838827","278479068114525389764990380933298701743","164421837119167151412706882459788239513","272942079265756475915038351943092604308","283937142396895346576135552294733708614"]},"target":{"file":"src/main/java/org/jenkinsci/plugin/gitea/credentials/PersonalAccessToken.java"},"signature_type":"Line","source":"https://github.com/jenkinsci/gitea-plugin/commit/b3b2bd869b91f9f1312bbbbf6128cad2cd86bd8c"}],"vanir_signatures_modified":"2026-04-11T23:22:35Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-46685.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}