Severity: Medium

 

Summary: The Tableau Services Manager (TSM) logs all configuration value changes to a local log file. When sensitive values are changed, such as the filestore.zookeeper.password, both the old and new value are written to the log in plaintext.

The Tableau Services Manager component is included Tableau Server on Linux. Tableau Server on Windows in not affected by this vulnerability.

 

Impact: Malicious users with access to the Tableau Services Manager logs can access passwords that are used for authenticating internal services on Tableau Server.

 

Vulnerable Versions: The following versions have this vulnerability:

Tableau Server on Linux 10.5 (through 10.5.1).

 

Resolution: The issue can be fixed by upgrading to the following version:

Tableau Server on Linux 10.5.2