exploitDog

CVE-2021-42837

Опубликовано: 05 нояб. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth provider can be used as the username with an arbitrary password, and login will succeed.

Ссылки

https://jira.talendforge.org/browse/TAPACHE-180
Vendor Advisory
https://www.talend.com/resources/
Vendor Advisory
https://jira.talendforge.org/browse/TAPACHE-180
Vendor Advisory
https://www.talend.com/resources/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:talend:data_catalog:*:*:*:*:*:*:*:*

Версия до 7.3-20210930 (исключая)

EPSS

Процентиль: 64%

0.00476

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-7m5q-x758-9ww3

CVSS3: 9.8

github

больше 3 лет назад

An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth provider can be used as the username with an arbitrary password, and login will succeed.

EPSS

Процентиль: 64%

0.00476

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287