CVE-2019-12782
CVE-2019-12782 affects ThoughtSpot 4.4.1–5.1.1 (before 5.1.2). An authorization bypass in pinboard updates allows a low-privilege user with write access to at least one pinboard to corrupt or delete other users’ pinboards by spoofing GUIDs in pinboard update requests. CVSS v3 base score 8.1 (High...