Vulnerability — CVE-2022-45608

CVE-2022-45608

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2022-45608
Description:: An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on the web application. It is important to note that in order to accomplish this, the attacker must know the corresponding API's parameter (authority : value).
Last updated date:: 05/11/2023

Type:: exploit
Confidence:: HIGH
Date of publishing:: 03/09/2023
Reference url to background: https://outpost24.com/blog/access-control-vulnerability-discovered-in-the-thingsboard-iot-platform