CVE-2022-29942 Information

Jun 07, 2022 cve

Description

Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry ‘Add’ functionality to perform SSRF HTTP GET requests on URLs in the internal network. The issue is fixed for versions 8.0.x in TPS-5189 versions 7.3.x in TPS-5175 and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

https://www.talend.com/security/incident-response/#CVE-2022-29942 https://Talend.com

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5

Share on: