Summary: The cookie used to identify the Tableau Services Manager (TSM) Web UI session does not expire if a browser window to the web interface remains open.
Impact: This vulnerability increases the risk that an unattended computer where the TSM web UI is left open will host a valid session. The open valid session allows users to perform administrative actions on the Tableau Server installation.
Vulnerable Versions: The following versions have this vulnerability:
Tableau Server 2018.2.0 through 2018.2.3
Tableau Server 2018.3.0
Tableau Server on Linux 2018.2.0 through 2018.2.3
Tableau Server on Linux 2018.3.0
Resolution: The issue can be fixed by upgrading to the following version:
Tableau Server 2018.2.4
Tableau Server 2018.3.1
Tableau Server on Linux 2018.2.4
Tableau Server on Linux 2018.3.1