CVE-2022-30332

In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of requests.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://cwe.mitre.org/data/definitions/204.html
https://excellium-services.com/cert-xlm-advisory/CVE-2022-30332	Third Party Advisory
https://help.talend.com/r/62tbPt7y~tPTxAB7y7KpeQ/H45WqEF32geNEZiGJnRwmw	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:talend:administration_center:7.3.1:*:*:*:*:*:*:*

History

05 Jun 2024, 05:15

Type	Values Removed	Values Added
References		() https://cwe.mitre.org/data/definitions/204.html -
Summary		(es) En Talend Administration Center 7.3.1.20200219 anterior a TAC-15950, la función Forgot Password proporciona diferentes mensajes de error para intentos de restablecimiento no válidos dependiendo de si la dirección de correo electrónico está asociada con alguna cuenta. Esto permite a atacantes remotos enumerar cuentas mediante una serie de solicitudes.

Information

Published : 2023-01-10 21:15

Updated : 2024-06-05 05:15

NVD link : CVE-2022-30332

Mitre link : CVE-2022-30332

CVE.ORG link : CVE-2022-30332

JSON object : View

Products Affected

talend

administration_center

CWE

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

{"id": "CVE-2022-30332", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-01-10T21:15:11.520", "references": [{"url": "https://cwe.mitre.org/data/definitions/204.html", "source": "cve@mitre.org"}, {"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2022-30332", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://help.talend.com/r/62tbPt7y~tPTxAB7y7KpeQ/H45WqEF32geNEZiGJnRwmw", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-640"}]}], "descriptions": [{"lang": "en", "value": "In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of requests."}, {"lang": "es", "value": "En Talend Administration Center 7.3.1.20200219 anterior a TAC-15950, la funci\u00f3n Forgot Password proporciona diferentes mensajes de error para intentos de restablecimiento no v\u00e1lidos dependiendo de si la direcci\u00f3n de correo electr\u00f3nico est\u00e1 asociada con alguna cuenta. Esto permite a atacantes remotos enumerar cuentas mediante una serie de solicitudes."}], "lastModified": "2024-06-05T05:15:49.087", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:talend:administration_center:7.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C0CE1A4-71FF-4782-B6C2-5134F605B860"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}