5 matches found
CVE-2022-40004
Cross-site scripting (XSS) vulnerability in ThingsBoard 3.4.1 allows remote attackers to escalate privileges via a crafted URL to the Audit Log...
CVE-2022-48341
ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter...
CVE-2023-26462
ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials usable for privilege escalation are stored in an insecure format. To read this stored data, the attacker needs access to the application server or its source code...
Design/Logic Flaw
ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials usable for privilege escalation are stored in an insecure format. To read this stored data, the attacker needs access to the application server or its source code...
CVE-2022-48341
ThingsBoard 3.4.1 contains a vertical privilege escalation vulnerability where a remote authenticated tenant administrator can gain access to the System Administrator dashboard by modifying the scope parameter (scopes). The issue is triggered by scope manipulation and could allow access to higher...