PT-2023-13003 · Talend · Talend Administration Center

Alexis Pain · Published 2023-01-10 · Updated 2024-07-03 · CVE-2022-30332

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Talend Administration Center version 7.3.1.20200219

Description: The Forgot Password feature in the affected software provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of requests to the Forgot Password feature.

Recommendations: For Talend Administration Center version 7.3.1.20200219, update to a version that includes the fix for the issue, specifically after TAC-15950, to resolve the account enumeration vulnerability. As a temporary workaround, consider restricting access to the Forgot Password feature to minimize the risk of exploitation.
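
The weakness class described above, shown as an added example that is not Talend's code: a reset handler whose reply depends on account existence, next to one that returns the same reply for every address, plus a regression check that compares the two. All names, messages and addresses here are hypothetical and constructed for illustration.

```python
import secrets

# Constructed account store and outbound mail queue (illustrative only).
ACCOUNTS = {"alice@example.test", "bob@example.test"}
OUTBOX = []

# One fixed reply used for every request, whether or not the account exists.
GENERIC = (200, "If an account exists for this address, a reset link has been sent.")


def forgot_password_leaky(email):
    """'Before' behaviour: status and message reveal whether the address is known."""
    if email.strip().lower() in ACCOUNTS:
        return (200, "A reset link has been sent.")
    return (404, "No account is associated with this email address.")


def forgot_password_uniform(email):
    """Hardened behaviour: identical status and body for known and unknown addresses."""
    normalized = email.strip().lower()
    # The token is generated on both paths so the work done is similar;
    # a real service would also queue the mail asynchronously so that
    # response time does not depend on whether a message is sent.
    token = secrets.token_urlsafe(32)
    if normalized in ACCOUNTS:
        OUTBOX.append((normalized, token))
    return GENERIC


def distinguishes_accounts(handler, known, unknown):
    """Regression check: True if the replies for a known and an unknown address differ."""
    return handler(known) != handler(unknown)


if __name__ == "__main__":
    known, unknown = "alice@example.test", "nobody@example.test"
    print("leaky handler distinguishes:", distinguishes_accounts(forgot_password_leaky, known, unknown))
    print("uniform handler distinguishes:", distinguishes_accounts(forgot_password_uniform, known, unknown))
```

The same comparison can be run against a deployed reset endpoint after upgrading, using one address you own and one that is known not to exist.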

Fix

Side Channel Attack


Weakness Enumeration

Related Identifiers

CVE-2022-30332

Affected Products

Talend Administration Center