CVE-2022-48341

Name of the Vulnerable Software and Affected Versions ThingsBoard version 3.4.1

Description The issue allows a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter.

Recommendations For ThingsBoard version 3.4.1, as a temporary workaround, consider restricting modifications to the scopes parameter to prevent Vertical Privilege Escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.