PT-2022-19925 · Talend · Talend Administration Center
Published: 2022-05-04 · Updated: 2022-05-13 · CVE-2022-29942
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Talend Administration Center versions prior to 7.2.x
Talend Administration Center versions 7.2.x before TPS-5201
Talend Administration Center versions 7.3.x before TPS-5175
Talend Administration Center versions 8.0.x before TPS-5189
Description
The issue allows an authenticated user to use the Service Registry 'Add' functionality to perform Server-Side Request Forgery (SSRF) HTTP GET requests on URLs in the internal network.
Recommendations
For versions 7.2.x, update to a version that includes TPS-5201.
For versions 7.3.x, update to a version that includes TPS-5175.
For versions 8.0.x, update to a version that includes TPS-5189.
For earlier versions, update to a supported version.
Fix
SSRF
Affected Products
Talend Administration Center