CVE-2022-30332

Sažetak

In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of requests.

Reference

https://cds.thalesgroup.com/en/tcs-cert/CVE-2022-30332
https://cwe.mitre.org/data/definitions/204.html
https://excellium-services.com/cert-xlm-advisory/CVE-2022-30332
https://help.talend.com/r/62tbPt7y~tPTxAB7y7KpeQ/H45WqEF32geNEZiGJnRwmw
https://cwe.mitre.org/data/definitions/204.html
https://excellium-services.com/cert-xlm-advisory/CVE-2022-30332
https://help.talend.com/r/62tbPt7y~tPTxAB7y7KpeQ/H45WqEF32geNEZiGJnRwmw

CVSS

Base:	5.3
Impact:	1.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Zadnje važnije ažuriranje

30-05-2025 - 16:15

Objavljeno

10-01-2023 - 21:15