Summary: Tableau Services Manager (TSM) can expose sensitive information if an unauthenticated API endpoint is queried while a TSM job is in-progress.
Tableau Services Manager is a component that is included with Tableau Server on Linux. Tableau Server on Windows is not affected by this vulnerability.
Impact: Malicious users that can make API calls to Tableau Services Manager can learn sensitive information, such as passwords that are used for authenticating internal services on Tableau Server.
Vulnerable Versions: The following versions have this vulnerability:
Tableau Server on Linux 10.5 (through 10.5.3)
Tableau Server on Linux 2018.1
Resolution: The issue can be fixed by upgrading to the following versions:
Tableau Server on Linux 10.5.4
Tableau Server on Linux 2018.1.1