Vulnerability Description
In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of requests.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Talend | Administration Center | 7.3.1 |
Related Weaknesses (CWE)
References
- https://cds.thalesgroup.com/en/tcs-cert/CVE-2022-30332
- https://cwe.mitre.org/data/definitions/204.htmlTechnical Description
- https://excellium-services.com/cert-xlm-advisory/CVE-2022-30332Third Party Advisory
- https://help.talend.com/r/62tbPt7y~tPTxAB7y7KpeQ/H45WqEF32geNEZiGJnRwmwBroken LinkRelease NotesVendor Advisory
- https://cwe.mitre.org/data/definitions/204.htmlTechnical Description
- https://excellium-services.com/cert-xlm-advisory/CVE-2022-30332Third Party Advisory
- https://help.talend.com/r/62tbPt7y~tPTxAB7y7KpeQ/H45WqEF32geNEZiGJnRwmwBroken LinkRelease NotesVendor Advisory
FAQ
What is CVE-2022-30332?
CVE-2022-30332 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is asso...
How severe is CVE-2022-30332?
CVE-2022-30332 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-30332?
Check the references section above for vendor advisories and patch information. Affected products include: Talend Administration Center.