CVE-2022-30332
MEDIUM
Talend Administration Center 7.3.1.20200219 - Account Enumeration via Forgot Password Error Messages
Title source: llm
Description
In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of requests.
References (4)
Core References
Various Sources
https://cds.thalesgroup.com/en/tcs-cert/CVE-2022-30332
Technical Description
https://cwe.mitre.org/data/definitions/204.html
Third Party Advisory
https://excellium-services.com/cert-xlm-advisory/CVE-2022-30332
Broken Link, Release Notes, Vendor Advisory
https://help.talend.com/r/62tbPt7y~tPTxAB7y7KpeQ/H45WqEF32geNEZiGJnRwmw
Scores
CVSS v3
5.3
EPSS
0.0084
EPSS Percentile
53.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-203
Status
published
Products (1)
talend/administration_center
7.3.1
Published
Jan 10, 2023
Tracked Since
Feb 18, 2026