Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.)
References
Link | Resource |
---|---|
https://help.talend.com/r/en-US/Talend-Products-CVEs/Talend-Products-CVEs | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-05-26T00:00:00
Updated: 2023-05-26T00:00:00
Reserved: 2023-05-21T00:00:00
Link: CVE-2023-33247
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-05-26T20:15:49.360
Modified: 2023-06-02T18:18:58.370
Link: CVE-2023-33247
JSON object: View
Redhat Information
No data.
CWE