Unauthenticated Remote WAR File Deployment in Talend Data Catalog Remote Harvesting Server

Unauthenticated Remote WAR File Deployment in Talend Data Catalog Remote Harvesting Server

CVE-2023-33247 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.)

Learn more about our Cis Benchmark Audit For Server Software.