Severity: High

 

Summary: A user can send a specially crafted request to Tableau Server that allows the user to impersonate a different user.

 

Vulnerable Versions: Tableau Server 8.1 (through 8.1.20), 8.2 (through 8.2.12), 8.3 (through 8.3.7), 9.0 (through 9.0.3)

 

Resolution: The issue can be fixed by upgrading to the following Tableau Server versions:

Tableau Server 8.1.21

Tableau Server 8.2.13

Tableau Server 8.3.8

Tableau Server 9.0.4

 

Knowledgebase Article: Security Advisory: Users Can Be Impersonated | Tableau Software