CVE-2022-30332

In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of requests.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://cwe.mitre.org/data/definitions/204.html	Technical Description
https://excellium-services.com/cert-xlm-advisory/CVE-2022-30332	Third Party Advisory
https://help.talend.com/r/62tbPt7y~tPTxAB7y7KpeQ/H45WqEF32geNEZiGJnRwmw	Broken Link Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:talend:administration_center:7.3.1:*:*:*:*:*:*:*

History

18 Jun 2024, 14:01

Type	Values Removed	Values Added
CWE	~~CWE-640~~	CWE-203
References	~~() https://cwe.mitre.org/data/definitions/204.html -~~	() https://cwe.mitre.org/data/definitions/204.html - Technical Description
References	~~() https://help.talend.com/r/62tbPt7y~tPTxAB7y7KpeQ/H45WqEF32geNEZiGJnRwmw - Release Notes, Vendor Advisory~~	() https://help.talend.com/r/62tbPt7y~tPTxAB7y7KpeQ/H45WqEF32geNEZiGJnRwmw - Broken Link, Release Notes, Vendor Advisory

05 Jun 2024, 05:15

Type	Values Removed	Values Added
References		() https://cwe.mitre.org/data/definitions/204.html -

Information

Published : 2023-01-10 21:15

Updated : 2024-07-03 01:38

NVD link : CVE-2022-30332

Mitre link : CVE-2022-30332

CVE.ORG link : CVE-2022-30332

JSON object : View

Products Affected

talend

administration_center

CWE

CWE-203

Observable Discrepancy

{"id": "CVE-2022-30332", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-01-10T21:15:11.520", "references": [{"url": "https://cwe.mitre.org/data/definitions/204.html", "tags": ["Technical Description"], "source": "cve@mitre.org"}, {"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2022-30332", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://help.talend.com/r/62tbPt7y~tPTxAB7y7KpeQ/H45WqEF32geNEZiGJnRwmw", "tags": ["Broken Link", "Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-203"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of requests."}, {"lang": "es", "value": "En Talend Administration Center 7.3.1.20200219 anterior a TAC-15950, la funci\u00f3n Forgot Password proporciona diferentes mensajes de error para intentos de restablecimiento no v\u00e1lidos dependiendo de si la direcci\u00f3n de correo electr\u00f3nico est\u00e1 asociada con alguna cuenta. Esto permite a atacantes remotos enumerar cuentas mediante una serie de solicitudes."}], "lastModified": "2024-07-03T01:38:27.583", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:talend:administration_center:7.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C0CE1A4-71FF-4782-B6C2-5134F605B860"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}