ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Thingsboard | Thingsboard | 3.4.1 (including) | 3.4.1 (including) |