CVE-2022-29942
MEDIUM
Talend Administration Center - Authenticated Server-Side Request Forgery via Service Registry Add Functionality
Title source: llm
Description
Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version.
References (2)
Vendor Advisory x_refsource_misc
https://Talend.com
Vendor Advisory x_refsource_misc
https://www.talend.com/security/incident-response/#CVE-2022-29942
Scores
CVSS v3: 6.5
EPSS: 0.0062
EPSS Percentile: 45.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-918
Status: published
Products (3)
talend/administration_center 7.2.0
talend/administration_center 7.3.0
talend/administration_center 8.0.0
Published: May 04, 2022
Tracked Since: Feb 18, 2026