A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials.

Affected Packages

Maven com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger

Affected versions: 0 (fixed in 2.30.2)

Related CVEs

CVE-2019-16551

Key Information

GHSA ID

GHSA-vmvp-2hhx-rgm8

Published

May 24, 2022 5:03 PM

Last Modified

November 1, 2022 10:47 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 6, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.