CVE-2022-46688

Name of the Vulnerable Software and Affected Versions Jenkins Sonar Gerrit Plugin versions 377.v8f3808963dc5 and earlier

Description A cross-site request forgery (CSRF) issue allows attackers to have Jenkins connect to Gerrit servers using attacker-specified credentials IDs, potentially capturing credentials stored in Jenkins. This could be achieved by attackers obtaining credentials IDs through another method.

Recommendations For Jenkins Sonar Gerrit Plugin versions 377.v8f3808963dc5 and earlier, as a temporary workaround, consider restricting access to the plugin until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.