
CVE-2022-46688

Published: Dec 7, 2022

Modified: Apr 23, 2025

PUBLISHED

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers (previously configured by Jenkins administrators) using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.

Vendor: Jenkins Project

Product: Jenkins Sonar Gerrit Plugin

Versions:

affected: unspecified - <= 377.v8f3808963dc5
unknown: next of 377.v8f3808963dc5 - < unspecified
