CVE-2022-45608

Name of the Vulnerable Software and Affected Versions ThingsBoard version 3.4.1

Description An issue in ThingsBoard allows low privileged attackers to gain escalated privileges and become an Administrator on the web application. The attacker must know the corresponding API's parameter authority : value to accomplish this.

Recommendations For ThingsBoard version 3.4.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the API endpoint that utilizes the authority : value parameter until a patch is available.