Vulnerability CVE-2019-12782


Published: 2019-07-09

Description:
An authorization bypass vulnerability in pinboard updates in ThoughtSpot 4.4.1 through 5.1.1 (before 5.1.2) allows a low-privilege user with write access to at least one pinboard to corrupt pinboards of another user in the application by spoofing GUIDs in pinboard update requests, effectively deleting them.

Type:

CWE-285

(Improper Authorization)

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.5/10
4.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial
Affected software
Thoughtspot -> Thoughtspot 

 References:
https://docs.thoughtspot.com/5.1/release/notes.html
https://www.vsecurity.com/download/advisories/201912782-1.txt
https://www.vsecurity.com/resources/advisories.html

Copyright 2024, cxsecurity.com

 

Back to Top