CVE-2022-31648 - OpenCVE

Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. The issue is fixed for versions 8.0.x in TPS-5233, for versions 7.3.x in TPS-5324, and for versions 7.2.x in TPS-5235. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Talend	Administration Center

Configuration 1 [-]

OR	cpe:2.3:a:talend:administration_center:7.2.0:::::::*
	cpe:2.3:a:talend:administration_center:7.3.0:::::::*
	cpe:2.3:a:talend:administration_center:8.0.0:::::::*

No data.

References

Link	Providers
https://talend.com
https://www.talend.com/security/incident-response/#CVE-2022-31648

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-05-26T19:07:39

Updated: 2024-08-03T07:26:00.978Z

Reserved: 2022-05-25T00:00:00

Link: CVE-2022-31648

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-05-26T20:15:10.480

Modified: 2022-06-08T16:06:43.497

Link: CVE-2022-31648

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. The issue is fixed for versions 8.0.x in TPS-5233, for versions 7.3.x in TPS-5324, and for versions 7.2.x in TPS-5235. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-05-26T19:07:39", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://talend.com"}, {"tags": ["x_refsource_MISC"], "url": "https://www.talend.com/security/incident-response/#CVE-2022-31648"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-31648", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. The issue is fixed for versions 8.0.x in TPS-5233, for versions 7.3.x in TPS-5324, and for versions 7.2.x in TPS-5235. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://talend.com", "refsource": "MISC", "url": "https://talend.com"}, {"name": "https://www.talend.com/security/incident-response/#CVE-2022-31648", "refsource": "MISC", "url": "https://www.talend.com/security/incident-response/#CVE-2022-31648"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:26:00.978Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://talend.com"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.talend.com/security/incident-response/#CVE-2022-31648"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-31648", "datePublished": "2022-05-26T19:07:39", "dateReserved": "2022-05-25T00:00:00", "dateUpdated": "2024-08-03T07:26:00.978Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:talend:administration_center:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C41B793-589A-4E05-8DD0-5B124B9BC2E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:talend:administration_center:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E86982F7-8EFB-4639-A295-41F1010EDDEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:talend:administration_center:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "546FEC80-19A7-4E82-AF20-B096C184DCF1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. The issue is fixed for versions 8.0.x in TPS-5233, for versions 7.3.x in TPS-5324, and for versions 7.2.x in TPS-5235. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version."}, {"lang": "es", "value": "Talend Administration Center es vulnerable a un problema de tipo Cross-Site Scripting (XSS) reflejado en el endponit de inicio de sesi\u00f3n de SSO. El problema ha sido corregido para las versiones 8.0.x en TPS-5233, para versiones 7.3.x en TPS-5324 y para versiones 7.2.x en TPS-5235. Las versiones anteriores de Talend Administration Center tambi\u00e9n pueden verse afectadas; se recomienda a usuarios actualizar a una versi\u00f3n compatible"}], "id": "CVE-2022-31648", "lastModified": "2022-06-08T16:06:43.497", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-26T20:15:10.480", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://talend.com"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.talend.com/security/incident-response/#CVE-2022-31648"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}