VYPR
Moderate severityNVD Advisory· Published Dec 7, 2022· Updated Apr 23, 2025

CVE-2022-46688

CVE-2022-46688

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers (previously configured by Jenkins administrators) using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkins-ci.plugins:sonar-gerritMaven
< 378.vf4646d4df087378.vf4646d4df087

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

1