Summary: This vulnerability requires that a malicious user embeds specific parameters in a Tableau workbook. The malicious user must also have rights to publish the workbook on Tableau Server.Alternatively, the malicious user must convince a victim to open the affected workbook in Tableau Desktop.
Impact: A memory corruption error can occur. This memory corruption might result in arbitrary code execution or a crash.
Vulnerable Versions: The following versions have this vulnerability:
Tableau Server 2018.3.0
Tableau Server on Linux 2018.3.0
Tableau Desktop 2018.3.0
Resolution: The issue can be fixed by upgrading to the following version: