cvedb.io
CVE-2022-45608
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2023-03-01T16:15:09.580 · Last modified 2026-06-17T05:10:26.987

Summary

An issue discovered in ThingsBoard 3.4.1 allows low-privileged attackers (CUSTOMER_USER) to escalate privileges vertically and become an administrator (TENANT_ADMIN or SYS_ADMIN) on the web application. To accomplish this, the attacker must know the corresponding API parameter (authority : value).

Affected products

thingsboard — thingsboard


This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.