Severity: Medium

 

Summary: Tableau Sever contains an open redirect vulnerability that could allow a user to be redirected to an untrusted site.

 

Impact: The vulnerability can allow an attacker to redirect the user to a malicious web site.

 

Vulnerable Versions: Tableau Server 9.0 (through 9.0.21), 9.1 (through 9.1.17), 9.2 (through 9.2.16), 9.3 (through 9.3.13), 10.0 (through 10.0.7), 10.1 (through 10.1.5), 10.2.0

 

Resolution: The issue can be fixed by upgrading to the following Tableau Server versions:

Tableau Server 9.0.22

Tableau Server 9.1.18

Tableau Server 9.2.17

Tableau Server 9.3.14

Tableau Server 10.0.8

Tableau Server 10.1.6

Tableau Server 10.2.1

 

The remediation for this vulnerability is not yet available for Tableau Server 10.2. The remediation will be included in a future 10.2 maintenance release. This vulnerability disclosure will be updated when the 10.2 fix is released