Severity: Medium

 

Summary: Tableau Services Manager (TSM) CLI logs all commands and their parameters to a local log file. When sensitive parameters are given, such as the password parameter used to authenticate to TSM, the value is written to the log in plaintext.

The TSM CLI component is included Tableau Server on Linux.  Tableau Server on Windows is not affected by this vulnerability.

 

Impact: Malicious users with access to the TSM CLI logs can access passwords that are used for authenticating Tableau Server Manager.

 

Vulnerable Versions:  The following versions have this vulnerability:

Tableau Server for Linux 10.5 (through 10.5.4)

Tableau Server on Linux 2018.1 (through 2018.1.1)

 

Resolution: The issue can be fixed by upgrading to the following version:

Tableau Server on Linux 10.5.5

Tableau Server on Linux 2018.1.2

 

Acknowledgements: This issue was reported to Tableau by Paul Grimshaw (Totally Techy)