exploitDog

CVE-2022-48341

Опубликовано: 23 фев. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/238543
Third Party Advisory
VDB Entry
https://thingsboard.io/docs/reference/releases/
Release Notes
https://exchange.xforce.ibmcloud.com/vulnerabilities/238543
Third Party Advisory
VDB Entry
https://thingsboard.io/docs/reference/releases/
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:thingsboard:thingsboard:3.4.1:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00351

Низкий

8.8 High

CVSS3

Дефекты

NVD-CWE-Other

CWE-269

Связанные уязвимости

GHSA-c8gv-h2p7-9j69

CVSS3: 8.8

github

почти 3 года назад

ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter.

EPSS

Процентиль: 57%

0.00351

Низкий

8.8 High

CVSS3

Дефекты

NVD-CWE-Other

CWE-269