CVE-2022-30332
5.3MEDIUMIn Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is asso
Published: 1/10/2023Updated: 5/30/2025
Description
In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of requests.
AI AnalysisPowered by AI
Affected Products
talendadministration_center
7.3.1
References
- https://cds.thalesgroup.com/en/tcs-cert/CVE-2022-30332
- https://cwe.mitre.org/data/definitions/204.htmlTechnical Description
- https://excellium-services.com/cert-xlm-advisory/CVE-2022-30332Third Party Advisory
- https://help.talend.com/r/62tbPt7y~tPTxAB7y7KpeQ/H45WqEF32geNEZiGJnRwmwBroken LinkRelease NotesVendor Advisory
- https://cwe.mitre.org/data/definitions/204.htmlTechnical Description
- https://excellium-services.com/cert-xlm-advisory/CVE-2022-30332Third Party Advisory
- https://help.talend.com/r/62tbPt7y~tPTxAB7y7KpeQ/H45WqEF32geNEZiGJnRwmwBroken LinkRelease NotesVendor Advisory