Abstract Advisory Information
The “Forgot Password” feature of the application behaves differently when the provided email address is associated with an account and when it is not. This can result in user enumeration.
Author: Alexis PAIN
Version affected
Vendor: Talend
Name: Talend Administration Center
Version: 7.3.1.20200219
Common Vulnerability Scoring System
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:
Patches
The issue has been addressed under JIRA reference TAC-15950.
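To illustrate the class of flaw described in the abstract and the general shape of a fix, here is an added example; it is not Talend's code and not from the advisory author. The account store, handler names, status codes and messages are all hypothetical, since the advisory does not state how the two responses differ.

```python
import hashlib
import secrets

# Constructed sample data: placeholder address, not taken from the advisory.
ACCOUNTS = {"alice@example.test": {"reset_token_hash": None}}
OUTBOX = []  # stands in for an asynchronous mail queue (assumption)

GENERIC = (200, "If an account exists for this address, a reset link has been sent.")


def _issue_token(key):
    """Create a reset token, keep only its hash, and queue the mail."""
    token = secrets.token_urlsafe(32)
    ACCOUNTS[key]["reset_token_hash"] = hashlib.sha256(token.encode()).hexdigest()
    OUTBOX.append((key, token))


def forgot_password_leaky(email):
    """Differential behaviour: status and body reveal whether the account exists."""
    key = email.strip().lower()
    if key not in ACCOUNTS:
        return (404, "No account is associated with this email address.")
    _issue_token(key)
    return (200, "A reset link has been sent.")


def forgot_password_uniform(email):
    """Same status and body for every input; only the side effect differs.

    Mail delivery should be queued rather than sent inline so that response
    time does not become a second signal.
    """
    key = email.strip().lower()
    if key in ACCOUNTS:
        _issue_token(key)
    return GENERIC


def is_enumerable(handler, known, unknown):
    """Regression check: True if the responses for a registered and an
    unregistered address can be told apart."""
    return handler(known) != handler(unknown)


if __name__ == "__main__":
    for h in (forgot_password_leaky, forgot_password_uniform):
        print(h.__name__, is_enumerable(h, "alice@example.test", "nobody@example.test"))
```

A check like `is_enumerable` can run in a test suite against the real endpoint's status code, body and headers to catch regressions of this behaviour.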
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30332
- https://help.talend.com/r/62tbPt7y~tPTxAB7y7KpeQ/H45WqEF32geNEZiGJnRwmw
Vulnerability Disclosure Timeline
- 12/04/2022: Vulnerability discovery
- 13/04/2022: Vulnerability Report to CERT-XLM
- 15/04/2022: Vulnerability Report to Vendor through Contact Form
- 15/04/2022: Vulnerability Report to Vendor through investigation at sales.uk@talend.com and customercare@talend.com
- 20/04/2022: Acknowledgement from the vendor. Vulnerability fixed in TPS-5175
- 29/04/2022: Request CVE ID to Mitre
- 06/05/2022: New Request to Mitre for CVE ID as no answer was provided
- 07/05/2022: CVE IDs assigned (use CVE-2022-30332)
- 25/05/2022: Expected Vulnerability disclosure