CVE-2022-45608

EPSS 0.9%CWE-269

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

01 Mar 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on the web application. It is important to note that in order to accomplish this, the attacker must know the corresponding API's parameter (authority : value).

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wiki.wizard32.net/en/blog/access-control-vulnerability-ThingsBoard http://thingsboard.com