CVE-2022-29943

{"id": "CVE-2022-29943", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-05-04T18:15:09.983", "references": [{"url": "https://Talend.com", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.talend.com/security/incident-response/#CVE-2022-29942", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://Talend.com", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.talend.com/security/incident-response/#CVE-2022-29942", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version."}, {"lang": "es", "value": "Talend Administration Center, presenta una vulnerabilidad que permite a un usuario autenticado usar el procesamiento de tipo XML External Entity (XXE) para conseguir acceso de lectura como root en el sistema de archivos remoto. El problema ha sido corregido para las versiones 8.0.x en TPS-5189, las versiones 7.3.x en TPS-5175 y las versiones 7.2.x en TPS-5201. Las versiones anteriores de Talend Administration Center tambi\u00e9n pueden estar afectadas; es recomendado a usuarios actualizar a una versi\u00f3n compatible"}], "lastModified": "2024-11-21T07:00:01.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:talend:administration_center:7.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C41B793-589A-4E05-8DD0-5B124B9BC2E2"}, {"criteria": "cpe:2.3:a:talend:administration_center:7.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E86982F7-8EFB-4639-A295-41F1010EDDEE"}, {"criteria": "cpe:2.3:a:talend:administration_center:8.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "546FEC80-19A7-4E82-AF20-B096C184DCF1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}