Moderate severityNVD Advisory· Published Dec 7, 2022· Updated Apr 23, 2025
CVE-2022-46688
CVE-2022-46688
Description
A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers (previously configured by Jenkins administrators) using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:sonar-gerritMaven | < 378.vf4646d4df087 | 378.vf4646d4df087 |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
4News mentions
1- Jenkins Security Advisory 2022-12-07Jenkins Security Advisories · Dec 7, 2022