3 matches found
CVE-2022-48341
ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter...
CVE-2022-48341
ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter...
CVE-2022-48341
ThingsBoard 3.4.1 contains a vertical privilege escalation vulnerability where a remote authenticated tenant administrator can gain access to the System Administrator dashboard by modifying the scope parameter (scopes). The issue is triggered by scope manipulation and could allow access to higher...