CVE-2023-26462

ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.)
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:thingsboard:thingsboard:3.4.1:*:*:*:*:*:*:*

History

29 Aug 2023, 20:18

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 8.1

Information

Published : 2023-02-23 06:15

Updated : 2024-02-28 19:51


NVD link : CVE-2023-26462

Mitre link : CVE-2023-26462

CVE.ORG link : CVE-2023-26462


JSON object : View

Products Affected

thingsboard

  • thingsboard
CWE
CWE-798

Use of Hard-coded Credentials