CVE-2019-12782

EUVD-2019-4365
An authorization bypass vulnerability in pinboard updates in ThoughtSpot 4.4.1 through 5.1.1 (before 5.1.2) allows a low-privilege user with write access to at least one pinboard to corrupt pinboards of another user in the application by spoofing GUIDs in pinboard update requests, effectively deleting them.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
Affected Products (NVD)
VendorProductVersion
thoughtspotthoughtspot
4.4.1 ≤
𝑥
≤ 5.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://docs.thoughtspot.com/5.1/release/notes.html
https://www.vsecurity.com/download/advisories/201912782-1.txt
https://www.vsecurity.com/resources/advisories.html
https://docs.thoughtspot.com/5.1/release/notes.html
https://www.vsecurity.com/download/advisories/201912782-1.txt
https://www.vsecurity.com/resources/advisories.html