CVE-2023-26462

Source
https://cve.org/CVERecord?id=CVE-2023-26462
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-26462.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-26462
Published
2023-02-23T00:00:00Z
Modified
2026-05-18T05:55:23.468208579Z
Summary
[none]
Details

ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.)

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/26xxx/CVE-2023-26462.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/thingsboard/thingsboard

Affected ranges

Type
GIT
Repo
https://github.com/thingsboard/thingsboard
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Last affected
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.4.1"
        }
    ],
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:thingsboard:thingsboard:3.4.1:*:*:*:*:*:*:*"
}

Affected versions

v1.*
v1.0
v1.2.1
v1.3.1
v2.*
v2.0
v2.0.1
v2.0.2
v2.0.3
v2.1
v3.*
v3.4
v3.4.1

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-26462.json"