exploitDog

CVE-2023-26462

Опубликовано: 23 фев. 2023

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.)

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/238544
Third Party Advisory
VDB Entry
https://thingsboard.io/docs/reference/releases/
Release Notes
https://exchange.xforce.ibmcloud.com/vulnerabilities/238544
Third Party Advisory
VDB Entry
https://thingsboard.io/docs/reference/releases/
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:thingsboard:thingsboard:3.4.1:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00733

Низкий

8.1 High

CVSS3

Дефекты

CWE-798

Связанные уязвимости

GHSA-pvpx-gxvp-44wq

CVSS3: 9.8

github

почти 3 года назад

ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.)

EPSS

Процентиль: 72%

0.00733

Низкий

8.1 High

CVSS3

Дефекты

CWE-798