Vulnerabilities > CVE-2022-48341 - Unspecified vulnerability in Thingsboard 3.4.1

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

thingsboard

NVD

Published: 2023-02-23

Updated: 2023-03-03

Summary

ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter.

Vulnerable Configurations

Part	Description	Count
Application	Thingsboard Thingsboard Thingsboard 3.4.1	1

References

https://thingsboard.io/docs/reference/releases/
https://exchange.xforce.ibmcloud.com/vulnerabilities/238543