Severity: Medium


Summary: The Tableau Bridge client logs data source passwords to the TabOnlineSyncSvc.log log file. This log file is located on the host running the Bridge client. Only Tableau Desktop installations using the Tableau Bridge feature are vulnerable to this information disclosure.


Impact: Malicious users with access to the Tableau Bridge client logs can access passwords to data sources that the Bridge client has connected to.


Vulnerable Versions: The Tableau Bridge client is included with Tableau Desktop for Windows. The following versions have this vulnerability: 10.3 (through 10.3.5), 10.4 (through 10.4.1).


Resolution: The issue can be fixed by upgrading to one of the following versions:

Tableau Desktop for Windows 10.3.7

Tableau Desktop for Windows 10.4.3