Severity: Medium


Summary: Tableau Services Manager (TSM) can expose sensitive information if an unauthenticated API endpoint is queried while a TSM job is in-progress.


Tableau Services Manager is a component that is included with Tableau Server on Linux.  Tableau Server on Windows is not affected by this vulnerability.


Impact: Malicious users that can make API calls to Tableau Services Manager can learn sensitive information, such as passwords that are used for authenticating internal services on Tableau Server.


Vulnerable Versions:  The following versions have this vulnerability:

Tableau Server on Linux 10.5 (through 10.5.3)

Tableau Server on Linux 2018.1


Resolution: The issue can be fixed by upgrading to the following versions:

Tableau Server on Linux 10.5.4

Tableau Server on Linux 2018.1.1