Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Thingsboard 安全漏洞
Vulnerability Description
Thingsboard是Thingsboard团队的一个基于Java用于IOT设备进行监控、管理、数据收集的平台。 Thingsboard 3.4.1版本存在安全漏洞,该漏洞源于租户管理员可以通过scopes参数修改范围来获得系统管理员仪表板访问权限,攻击者利用该漏洞可以实现垂直权限提升,
CVSS Information
N/A
Vulnerability Type
N/A