Summary: A user can send a specially crafted request to Tableau Server that allows the user to impersonate a different user.
Vulnerable Versions: Tableau Server 8.1 (through 8.1.20), 8.2 (through 8.2.12), 8.3 (through 8.3.7), 9.0 (through 9.0.3)
Resolution: The issue can be fixed by upgrading to the following Tableau Server versions:
Tableau Server 8.1.21
Tableau Server 8.2.13
Tableau Server 8.3.8
Tableau Server 9.0.4
Knowledgebase Article: Security Advisory: Users Can Be Impersonated | Tableau Software