Severity: High

 

Summary: This vulnerability requires that a malicious user embeds specific parameters in a Tableau workbook. The malicious user must also have rights to publish the workbook on Tableau Server. Alternatively, the malicious user must convince a victim to open the affected workbook in Tableau Desktop.

 

Impact: A memory corruption error can occur. This memory corruption might result in arbitrary code execution or a crash.

 

Vulnerable Versions:  The following versions have this vulnerability:

Tableau Server 2018.3.0

Tableau Server on Linux 2018.3.0

 

Tableau Desktop 2018.3.0

 

 

Resolution: The issue can be fixed by upgrading to the following version:

Tableau Server 2018.3.1

Tableau Server on Linux 2018.3.1

 

Tableau Desktop 2018.3.1