pkg:maven/org.jenkins-ci.plugins/sonar-gerrit
Type
maven
Namespace
org.jenkins-ci.plugins
Name
sonar-gerrit
Known advisories, vulnerabilities and fixes for org.jenkins-ci.plugins/sonar-gerrit package.
Moderate
2
Medium
2
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | <= 377.v8f3808963dc5 |
CVE-2022-46688
|
JENKINS:SECURITY-1002 | CSRF vulnerability in `sonar-gerrit` | medium |
2022-12-07T00:00:00
(21 months ago) |
|
Affected | <= 2.3 |
CVE-2019-10467
|
JENKINS:SECURITY-1003 | `sonar-gerrit` stored credentials in plain text | medium |
2019-10-23T00:00:00
(4 years ago) |
|
Affected | < 2.4.5 |
CVE-2019-10467
|
MAVEN:GHSA-6FV3-W7J6-5XFC | Jenkins Sonar Gerrit Plugin stores credentials unencrypted | moderate |
2022-05-24T16:59:37
(2 years ago) |
|
Fixed | = 2.4.5 |
CVE-2019-10467
|
MAVEN:GHSA-6FV3-W7J6-5XFC | Jenkins Sonar Gerrit Plugin stores credentials unencrypted | moderate |
2022-05-24T16:59:37
(2 years ago) |
|
Affected | <= 377.v8f3808963dc5 |
CVE-2022-46688
|
MAVEN:GHSA-M82G-FV7V-H64M | Jenkins Sonar Gerrit Plugin vulnerable to Cross-Site Request Forgery | moderate |
2022-12-12T09:30:35
(21 months ago) |
|
Fixed | = 378.vf4646d4df087 |
CVE-2022-46688
|
MAVEN:GHSA-M82G-FV7V-H64M | Jenkins Sonar Gerrit Plugin vulnerable to Cross-Site Request Forgery | moderate |
2022-12-12T09:30:35
(21 months ago) |