Lucene search

MitreVULNRICHMENT:CVE-2022-30332

HistoryJan 10, 2023 - 12:00 a.m.

CVE-2022-30332

2023-01-1000:00:00

mitre

github.com

talend

administration center

forgot password

enumeration

vulnerability

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.1%

JSON

In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of requests.

References

cwe.mitre.org/data/definitions/204.html

excellium-services.com/cert-xlm-advisory/CVE-2022-30332

help.talend.com/r/62tbPt7y~tPTxAB7y7KpeQ/H45WqEF32geNEZiGJnRwmw

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.1%

JSON

Related for VULNRICHMENT:CVE-2022-30332