Описание
Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.)
Уязвимые конфигурации
Конфигурация 1Версия до 8.0-20230413 (исключая)
cpe:2.3:a:talend:data_catalog:*:*:*:*:*:*:*:*
EPSS
Процентиль: 31%
0.00121
Низкий
7.5 High
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-306
Связанные уязвимости
CVSS3: 7.5
github
больше 2 лет назад
Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.)
EPSS
Процентиль: 31%
0.00121
Низкий
7.5 High
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-306