CVE-2023-26462

Source
https://cve.org/CVERecord?id=CVE-2023-26462
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-26462.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-26462
Published
2023-02-23T00:00:00Z
Modified
2026-07-08T07:34:19.032400553Z
Summary
[none]
Details

ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.)

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/26xxx/CVE-2023-26462.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/thingsboard/thingsboard

Affected ranges

Type
GIT
Repo
https://github.com/thingsboard/thingsboard
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": "cpe:2.3:a:thingsboard:thingsboard:3.4.1:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "3.4.1"
        },
        {
            "last_affected": "3.4.1"
        }
    ]
}

Affected versions

3.*
3.4.1
v3.*
v3.4.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-26462.json"