Summary: The cookie used to identify the Tableau Services Manager (TSM)Web UI session does not expire if a browser window to the web interface remains open.
Impact: This vulnerability increases the risk that an unattended computer where the TSM web UI is left open will host a valid session.The open valid session allows users to perform administrative actions on the Tableau Server installation.
Vulnerable Versions: The following versions have this vulnerability:
Tableau Server 2018.2.0 through 2018.2.3
Tableau Server 2018.3.0
Tableau Server on Linux 2018.2.0 through 2018.2.3
Tableau Server on Linux 2018.3.0
Resolution: The issue can be fixed by upgrading to the following version: