CVE-2019-12782

An authorization bypass vulnerability in pinboard updates in ThoughtSpot 4.4.1 through 5.1.1 (before 5.1.2) allows a low-privilege user with write access to at least one pinboard to corrupt pinboards of another user in the application by spoofing GUIDs in pinboard update requests, effectively deleting them.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
thoughtspotthoughtspot
4.4.1 ≤
𝑥
≤ 5.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://docs.thoughtspot.com/5.1/release/notes.html
https://www.vsecurity.com/download/advisories/201912782-1.txt
https://www.vsecurity.com/resources/advisories.html
https://docs.thoughtspot.com/5.1/release/notes.html
https://www.vsecurity.com/download/advisories/201912782-1.txt
https://www.vsecurity.com/resources/advisories.html