PT-2023-14718 · Unknown · Thingsboard

Published

2023-03-01

Updated

2025-03-07

CVE-2022-45608

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ThingsBoard version 3.4.1

Description An issue in ThingsBoard allows low privileged attackers to gain escalated privileges and become an Administrator on the web application. The attacker must know the corresponding API's parameter authority : value to accomplish this.

Recommendations For ThingsBoard version 3.4.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the API endpoint that utilizes the authority : value parameter until a patch is available.

Exploit

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2022-45608

Affected Products

Thingsboard

PT-2023-14718 · Unknown · Thingsboard

CVE-2022-45608

Weakness Enumeration

Related Identifiers

Affected Products

References · 8