Severity: Medium


Summary: The ziplogs command (tsm maintenance ziplogs) is used by Tableau Server administrators to package configuration information and log files to send to Tableau Support. Unneeded, but sensitive information is contained in these zip archives.


Impact: Running the ziplogs command on a Tableau Server that is configured with external SSL will generate an archive file that includes the private key for the external SSL certificate.


Vulnerable Versions:  The following versions have this vulnerability:

Tableau Server 2018.2.0 through 2018.2.3

Tableau Server 2018.3.0

Tableau Server on Linux 10.5 through 10.5.9

Tableau Server on Linux 2018.1.0 through 2018.1.6

Tableau Server on Linux 2018.2.0 through 2018.2.3

Tableau Server on Linux 2018.3.0

Resolution: The issue can be fixed by upgrading to the following version:

Tableau Server 2018.2.4

Tableau Server 2018.3.1

Tableau Server on Linux 10.5.10

Tableau Server on Linux 2018.1.7

Tableau Server on Linux 2018.2.4

Tableau Server on Linux 2018.3.1