Security Advisory

CVE-2022-45608

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-03-01 00:00:00
Last updated 2025-03-07 17:53:49
Assigner mitre
State PUBLISHED

Description

An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on the web application. It is important to note that in order to accomplish this, the attacker must know the corresponding APIs parameter (authority : value).