Severity: High

 

Summary: The fix applied for ADV-2015-002 was incomplete and still left the opportunity for an authorized user to send carefully crafted input that results in disclosure of server configuration information.  This KB article  has been updated with new information:

 

Vulnerable Versions: Tableau Server 8.1 (through 8.1.24), 8.2 (through 8.2.17), 8.3 (through 8.3.12), 9.0 (through 9.0.11), 9.1 (through 9.1.5), 9.2 (through 9.2.3)

 

Resolutions: The issue can be fixed by upgrading to the following Tableau Server versions:

Tableau Server: 8.1.25

Tableau Server: 8.2.18

Tableau Server: 8.3.13

Tableau Server: 9.0.12

Tableau Server: 9.1.6

Tableau Server: 9.2.4