An authorization bypass vulnerability in pinboard updates in ThoughtSpot 4.4.1 through 5.1.1 (before 5.1.2) allows a low-privilege user with write access to at least one pinboard to corrupt pinboards of another user in the application by spoofing GUIDs in pinboard update requests, effectively deleting them.
References
| Link | Resource |
|---|---|
| https://docs.thoughtspot.com/5.1/release/notes.html | Release Notes, Vendor Advisory |
| https://www.vsecurity.com/download/advisories/201912782-1.txt | Third Party Advisory |
| https://www.vsecurity.com/resources/advisories.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-07-09T15:20:44
Updated: 2019-07-09T15:20:44
Reserved: 2019-06-10T00:00:00
Link: CVE-2019-12782
NVD Information
Status: Analyzed
Published: 2019-07-09T16:15:12.963
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-12782
Redhat Information
No data.
CWE