Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-46688

A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers (previously configured by Jenkins administrators) using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.

Published

2022-12-12T09:15:13.247

Last Modified

2025-04-23T16:15:28.910

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-352
  • Type: Secondary
    CWE-352
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application jenkins sonar_gerrit ≤ 377.v8f3808963dc5 Yes
References