Vulnerabilities · MEDIUM

Gainsight Assist Vulnerabilities - Information Disclosure Fixed

Rapid7 Blog

CVE-2026-31381 · CVE-2026-31382 · Gainsight Assist · Rapid7

In short: security flaws in Gainsight Assist could let attackers obtain users' private information.

Quick Summary

Gainsight Assist recently faced vulnerabilities that could expose user email addresses and allow XSS attacks. Gainsight has released patches to fix these issues. Users should update their plugins immediately to stay secure.

The Flaw

Rapid7 Labs recently discovered a chain of vulnerabilities in the Gainsight Assist plugin. These include an Information Disclosure flaw (CVE-2026-31381) and a Reflected Cross-Site Scripting (XSS) vulnerability (CVE-2026-31382). The combination of these vulnerabilities allows attackers to escalate from passive information gathering to active exploitation on client devices.

The Information Disclosure vulnerability exposes user email addresses in a Base64-encoded state parameter carried in the OAuth callback URL. Because that URL is recorded wherever URLs are retained, the flaw, rated CVSS 5.3 (Medium), lets attackers harvest email addresses from server logs or browser history. The XSS vulnerability, rated 6.1 (Medium), can be exploited through crafted URLs that bypass the domain's Web Application Firewall (WAF).

What's at Risk

The vulnerabilities primarily affect users of the Gainsight Assist plugin, which integrates with email platforms to manage customer success communications. If exploited, attackers could gain access to personally identifiable information (PII) such as email addresses. This could lead to phishing attacks or further exploitation of user accounts.

The impact is particularly concerning because the vulnerabilities can be chained. An attacker can first extract email addresses through the information disclosure flaw and then use XSS to lure victims into executing malicious scripts. This creates a pathway for more severe attacks, including client-side resource exhaustion or malware delivery.

Patch Status

Gainsight has acted swiftly to remediate these vulnerabilities. The XSS vulnerability was fixed on March 6, 2026, through a server-side code-level update. Additionally, an update addressing the Information Disclosure flaw was released on March 9, 2026. Users are encouraged to ensure they are using the latest version of the Gainsight Assist plugin to protect against these vulnerabilities.

Gainsight has expressed gratitude to Rapid7 for their collaboration in identifying and resolving these issues, emphasizing their commitment to security and transparency with their customers.

Immediate Actions

Users of Gainsight Assist should take the following steps to safeguard their accounts:

  • Update the Plugin: Ensure you are using the latest version of the Gainsight Assist plugin to benefit from the security fixes.
  • Monitor Accounts: Keep an eye on your accounts for any suspicious activity, especially if you suspect you may have been targeted.
  • Educate Users: Inform team members about the potential risks associated with phishing and malicious links, especially those that may exploit the recent vulnerabilities.

By staying vigilant and proactive, users can significantly reduce their risk of falling victim to these types of attacks.

🔒 Pro insight: The chaining of these vulnerabilities highlights the importance of robust input validation and WAF configurations in preventing client-side attacks.

Original article from

Rapid7 Blog · Christopher O’Boyle
