PT-2022-20876 · Talend · Talend Administration Center
Published
2022-05-26
·
Updated
2022-06-08
·
CVE-2022-31648
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Talend Administration Center versions prior to 7.2.x
Talend Administration Center versions 7.2.x through 7.2.x before TPS-5235
Talend Administration Center versions 7.3.x through 7.3.x before TPS-5324
Talend Administration Center versions 8.0.x through 8.0.x before TPS-5233
Description
The issue is a reflected Cross-Site Scripting (XSS) in the SSO login endpoint. Earlier versions of Talend Administration Center may also be impacted.
Recommendations
For versions 7.2.x, update to a version that includes TPS-5235.
For versions 7.3.x, update to a version that includes TPS-5324.
For versions 8.0.x, update to a version that includes TPS-5233.
As a temporary workaround, consider restricting access to the SSO login endpoint until a patch is available.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Talend Administration Center