CVE-2022-30332

by Excellium SA

Abstract Advisory Information

The “Forgot Password” feature of the application behaves differently depending on whether or not the provided email address is associated with an account. This can result in user enumeration.

Author: Alexis PAIN

Version affected

Vendor: Talend

Name: Talend Administration Center

Version: 7.3.1.20200219

Common Vulnerability Scoring System

5.3

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:

Patches

This issue has been addressed under JIRA reference TAC-15950.
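
One way to remove the discrepancy described in the abstract, shown beside a handler that has it, with a regression check that lists the response fields a client could use to tell the two cases apart. This is an added example, not Talend's code or fix: the advisory does not say how the two replies differ, so the status codes, messages, function names and the sample account are assumptions.

```python
import secrets

# Constructed sample data: one registered account (hypothetical address).
ACCOUNTS = {"alice@example.com": {"reset_token": None}}
MAIL_QUEUE = []  # stands in for an asynchronous mail worker


def _queue_reset(email):
    """Create a single-use token and queue the mail outside the request path,
    so response time does not depend on whether a mail is sent."""
    token = secrets.token_urlsafe(32)
    ACCOUNTS[email]["reset_token"] = token
    MAIL_QUEUE.append((email, token))


def forgot_password_vulnerable(email):
    """Assumed shape of the flaw: status and body reveal whether the account exists."""
    key = email.strip().lower()
    if key not in ACCOUNTS:
        return {"status": 404, "body": "No account found for this email address."}
    _queue_reset(key)
    return {"status": 200, "body": "A reset link has been sent."}


def forgot_password_hardened(email):
    """Identical reply for every address; only the server-side effect differs."""
    key = email.strip().lower()
    if key in ACCOUNTS:
        _queue_reset(key)
    return {"status": 200,
            "body": "If an account exists for this address, a reset link has been sent."}


def distinguishing_fields(handler, known, unknown):
    """Regression check: response fields that differ between the two cases."""
    a, b = handler(known), handler(unknown)
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))


if __name__ == "__main__":
    for h in (forgot_password_vulnerable, forgot_password_hardened):
        print(h.__name__,
              distinguishing_fields(h, "alice@example.com", "nobody@example.com"))
```

An empty list from `distinguishing_fields` is the property to keep under test whenever the reset flow changes.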

Vulnerability Disclosure Timeline

  • 12/04/2022: Vulnerability discovery
  • 13/04/2022: Vulnerability Report to CERT-XLM
  • 15/04/2022: Vulnerability Report to Vendor through Contact Form
  • 15/04/2022: Vulnerability Report to Vendor through investigation at sales.uk@talend.com and customercare@talend.com
  • 20/04/2022: Acknowledgement from the vendor. Vulnerability fixed in TPS-5175
  • 29/04/2022: Request CVE ID to Mitre
  • 06/05/2022: New Request to Mitre for CVE ID as no answer was provided
  • 07/05/2022: CVE IDs assigned: CVE-2022-30332
  • 25/05/2022: Expected Vulnerability disclosure
