Vulnerabilities > CVE-2022-30332 - Information Exposure Through Discrepancy vulnerability in Talend Administration Center 7.3.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of requests.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- https://cwe.mitre.org/data/definitions/204.html
- https://cwe.mitre.org/data/definitions/204.html
- https://excellium-services.com/cert-xlm-advisory/CVE-2022-30332
- https://excellium-services.com/cert-xlm-advisory/CVE-2022-30332
- https://help.talend.com/r/62tbPt7y~tPTxAB7y7KpeQ/H45WqEF32geNEZiGJnRwmw
- https://help.talend.com/r/62tbPt7y~tPTxAB7y7KpeQ/H45WqEF32geNEZiGJnRwmw