Severity: Medium

 

Summary: Tableau Services Manager (TSM) passes a sensitive value via the command line during node initialization.

 

TSM is included with Tableau Server on Linux.  Tableau Server on Windows in not affected by this vulnerability.

 

Impact: Malicious users with access to the host and the ability to view the process list, could view process attributes, including the TSM administrator password.

 

Vulnerable Versions:  The following versions have this vulnerability:

Tableau Server on Linux 2018.1 (through 2018.1.0).

 

Resolution: The issue can be fixed by upgrading to the following version:

Tableau Server on Linux 2018.1.1