Severity: Medium

 

Summary: Tableau Services Manager (TSM) can expose sensitive information if an unauthenticated API endpoint is queried while a TSM job is in progress.

 

Tableau Services Manager is a component that is included with Tableau Server on Linux. Tableau Server on Windows is not affected by this vulnerability.

 

Impact: Malicious users who can make API calls to Tableau Services Manager can learn sensitive information, such as passwords that are used for authenticating internal services on Tableau Server.

 

Vulnerable Versions: The following versions have this vulnerability:

Tableau Server on Linux 10.5 (through 10.5.3)

Tableau Server on Linux 2018.1

 

Resolution: The issue can be fixed by upgrading to the following versions:

Tableau Server on Linux 10.5.4

Tableau Server on Linux 2018.1.1