CVE-2022-30332

In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
talendadministration_center
7.3.1
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
talendadministration_center
7.3.1.20200219 ≤
𝑥
< tac_15950
ADP
Common Weakness Enumeration
References
https://cds.thalesgroup.com/en/tcs-cert/CVE-2022-30332
https://cwe.mitre.org/data/definitions/204.html
https://excellium-services.com/cert-xlm-advisory/CVE-2022-30332
https://help.talend.com/r/62tbPt7y~tPTxAB7y7KpeQ/H45WqEF32geNEZiGJnRwmw
https://cwe.mitre.org/data/definitions/204.html
https://excellium-services.com/cert-xlm-advisory/CVE-2022-30332
https://help.talend.com/r/62tbPt7y~tPTxAB7y7KpeQ/H45WqEF32geNEZiGJnRwmw