PT-2022-19926 · Talend · Talend Administration Center

Published

2022-05-04

Updated

2022-05-13

CVE-2022-29943

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Talend Administration Center versions prior to 7.2.x Talend Administration Center versions prior to 7.3.x Talend Administration Center versions prior to 8.0.x

Description The issue allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem.

Recommendations For versions prior to 7.2.x, update to a supported version. For versions prior to 7.3.x, update to a supported version. For versions prior to 8.0.x, update to a supported version.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2022-29943

Affected Products

Talend Administration Center

PT-2022-19926 · Talend · Talend Administration Center

CVE-2022-29943

Weakness Enumeration

Related Identifiers

Affected Products

References · 5