CVE-2023-26462

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-26462
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-26462.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-26462
Published
2023-02-23T06:15:10Z
Modified
2025-01-08T09:28:47.780763Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.)

References

Affected packages

Git / github.com/thingsboard/thingsboard

Affected ranges

Type
GIT
Repo
https://github.com/thingsboard/thingsboard
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

v1.*

v1.0
v1.1
v1.2
v1.2.1
v1.2.2
v1.2.3
v1.3
v1.3.1

v2.*

v2.0
v2.0.1
v2.0.2
v2.0.3
v2.1
v2.1.1
v2.1.2
v2.1.3
v2.2
v2.3
v2.4
v2.4.1
v2.4.2
v2.4.2.1
v2.4.3
v2.5

v3.*

v3.4
v3.4.1