Summary: When connecting to a using Web Authoring in Tableau Server and Tableau Online, the “Require SSL” checkbox is not persisted when the workbook is saved. If the has SSL and non-SSL connections enabled, the workbook will connect to the without using SSL.
On Tableau Desktop, the “Require SSL” checkbox is persisted to the workbook and operates as intended when the workbook is opened in Desktop and when it is published to Tableau Server or Tableau Online.
Impact: Workbooks that are intended to connect to a over SSL do not use SSL and instead connect over plaintext.
Vulnerable Versions: The following versions have this vulnerability:
Tableau Server on Windows: 2018.1.1
Tableau Server on Linux: 2018.1.1
Resolution: The issue can be fixed by upgrading to the following version:
Tableau Server on Windows: 2018.1.2
Tableau Server on Linux: 2018.1.2