CVE-2023-26462
CVSS V2 None
CVSS V3 None
Description
ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.)
Overview
- CVE ID
- CVE-2023-26462
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2023-02-23T06:15:10
- Last Modified Date
- 2023-03-03T02:29:16
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:thingsboard:thingsboard:3.4.1:*:*:*:*:*:*:* | 1 | OR |
References
| Reference URL | Reference Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/238544 | Third Party Advisory VDB Entry |
| https://thingsboard.io/docs/reference/releases/ | Release Notes |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-26462 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26462 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 05:21:50 | Added to TrackCVE | |||
| 2023-04-17 05:21:53 | Weakness Enumeration | new |