CVE-2023-26462

Published: Feb 23, 2023Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.)

Affected (1)

Products: Thingsboard: Thingsboard

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Thingsboard Thingsboard	Version 3.4.1

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/238544

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://thingsboard.io/docs/reference/releases/

Source: cve@mitre.org

Release Notes

https://exchange.xforce.ibmcloud.com/vulnerabilities/238544

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://thingsboard.io/docs/reference/releases/

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

Timeline

No history available yet.