CVE-2022-43421
Description
A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated attackers can trigger Tuleap projects in the Jenkins Tuleap Git Branch Source Plugin due to a missing permission check.
Vulnerability
CVE-2022-43421 is a missing permission check vulnerability in the Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier. The plugin fails to verify that a user has the necessary permissions before allowing them to trigger Tuleap projects [1].
Exploitation
An unauthenticated attacker can exploit this flaw by sending a crafted request to the Jenkins controller. The attacker specifies a repository URL that matches an existing configured repository in a Tuleap project. The plugin then triggers the project without requiring authentication, causing a build or other operations to be initiated [3].
Impact
Successful exploitation allows the attacker to trigger Tuleap projects arbitrarily. This can lead to unauthorized builds, resource consumption, or other unintended actions within the Jenkins environment. The impact is limited to projects whose repository configuration matches the attacker's input.
Mitigation
The vulnerability is fixed in Tuleap Git Branch Source Plugin version 3.2.5. Users should upgrade immediately. No workarounds are mentioned in the advisory [1].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jenkins-ci.plugins:tuleap-git-branch-source (Maven) | < 3.2.5 | 3.2.5 |
Affected products
- Range: unspecified
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-73v5-w6fg-2m44 (source: ghsa; type: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-43421 (source: ghsa; type: ADVISORY)
- www.openwall.com/lists/oss-security/2022/10/19/3 (source: ghsa; type: mailing-list, WEB)
- www.jenkins.io/security/advisory/2022-10-19/ (source: ghsa; type: WEB)