An authorization bypass vulnerability in pinboard updates in ThoughtSpot 4.4.1 through 5.1.1 (before 5.1.2) allows a low-privilege user with write access to at least one pinboard to corrupt pinboards of another user in the application by spoofing GUIDs in pinboard update requests, effectively deleting them.
CPE | Name | Operator | Version |
---|---|---|---|
thoughtspot | ge | 4.4.1 | |
thoughtspot | le | 5.1.1 |