CVE-2022-46688

Summary

A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers (previously configured by Jenkins administrators) using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins Sonar Gerrit Pluginunspecified <= 377.v8f3808963dc5affected
Jenkins ProjectJenkins Sonar Gerrit Pluginnext of 377.v8f3808963dc5 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References