CVE-2022-29942 in TPS-5189
Summary
by MITRE • 05/04/2022
Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 05/07/2022
The vulnerability identified as CVE-2022-29942 affects Talend Administration Center, a comprehensive platform for managing data integration processes and services within enterprise environments. This security flaw represents a significant concern for organizations relying on Talend's service registry functionality, as it enables authenticated attackers to leverage legitimate administrative features for malicious purposes. The vulnerability specifically targets the Service Registry 'Add' functionality, which is designed to register and manage various services within the platform's ecosystem. When an authenticated user exploits this weakness, they can manipulate the system to perform server-side requests to internal network resources that would otherwise be restricted from external access.
The technical implementation of this vulnerability stems from inadequate input validation and sanitization within the Service Registry component of Talend Administration Center. The flaw allows an authenticated user to provide malicious URL parameters through the 'Add' functionality, which are then processed by the system's internal HTTP client without proper network boundary checks. This creates a server-side request forgery condition where the application acts as an intermediary, making HTTP GET requests to arbitrary internal targets on behalf of the attacker. The vulnerability is particularly dangerous because it operates within the trusted administrative context of the application, bypassing typical network segmentation controls that would normally prevent external systems from directly accessing internal resources.
The operational impact of this vulnerability extends beyond simple information disclosure, as it provides attackers with the capability to perform reconnaissance and potentially escalate their privileges within the internal network. An attacker could use this vulnerability to scan internal network services, identify running applications, and potentially discover sensitive information about the organization's infrastructure. The vulnerability is classified under CWE-918 as Server-Side Request Forgery, which is a well-documented attack pattern where applications fetch resources from external sources without proper validation. This type of vulnerability aligns with ATT&CK technique T1566.002 for Phishing with Malicious Link, as it allows attackers to construct malicious URLs that can be used to target internal systems.
Organizations utilizing Talend Administration Center must prioritize immediate remediation of this vulnerability through the recommended version updates. The fix addresses the issue in multiple supported version streams including 8.0.x, 7.3.x, and 7.2.x, with specific patch identifiers TPS-5189, TPS-5175, and TPS-5201 respectively. Security teams should conduct thorough inventory assessments to identify all installations of affected Talend versions and implement patch management procedures to ensure complete coverage. Additionally, organizations should consider implementing network segmentation controls and monitoring for unusual HTTP traffic patterns that might indicate exploitation attempts. The vulnerability demonstrates the critical importance of validating all user inputs and implementing proper network access controls even within administrative interfaces, as the attack vector exploits legitimate administrative functionality to achieve unauthorized access to internal resources.