Unrated severityNVD Advisory· Published Mar 1, 2023· Updated Mar 7, 2025
CVE-2022-45608
CVE-2022-45608
Description
An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on the web application. It is important to note that in order to accomplish this, the attacker must know the corresponding API's parameter (authority : value).
Affected products
1- Range: =3.4.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.