[Important] ADV-2017-016: REST API may trigger refresh extracts on the wrong site
Summary: In some cases REST API calls intended for one site will refresh an extract for a different site hosted on the Tableau Server.
Impact: An extract on another site will be triggered. This results in unnecessary consumption of resources. In addition, workbook and data source names are disclosed as a byproduct of the extract refresh to the site that initiated the refresh.
Data from the extract or target data source are not disclosed.
Vulnerable Versions: 10.3.0 (through 10.3.1)
Resolution: The issue can be fixed by upgrading to the following Tableau Server versions: