Vulnerability Details CVE-2022-48341
ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.0%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2022-48341
-
cpe:2.3:a:thingsboard:thingsboard:3.4.1