ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.)
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/26xxx/CVE-2023-26462.json",
"cna_assigner": "mitre"
}