ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.)
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/238544 | Third Party Advisory VDB Entry |
https://thingsboard.io/docs/reference/releases/ | Release Notes |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-02-23T00:00:00
Updated: 2023-02-23T00:00:00
Reserved: 2023-02-23T00:00:00
Link: CVE-2023-26462
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-02-23T06:15:10.340
Modified: 2023-08-29T20:18:02.617
Link: CVE-2023-26462
JSON object: View
Redhat Information
No data.
CWE