Highest overall severity: Medium

 

Summary:

Tableau Server services log configuration values at startup. These log files can contain sensitive configuration values. For example, if Tableau Server is configured for SSL and the associated private key uses a passphrase, then the passphrase will appear in the log files.

 

Impact:

Malicious users with access to the Tableau Server log files can learn sensitive configuration values.

 

Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep | Tableau Reader | Tableau Mobile | Tableau Public Desktop
*Versions that are no longer supported are not tested and may be vulnerable.

 

Tableau Server

Severity: Medium
CVSS3 Score: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N - 4.4 Medium

 

Vulnerable versions:

  • Tableau Server on Windows 10.0 through 10.0.21
  • Tableau Server on Windows 10.1 through 10.1.20
  • Tableau Server on Windows 10.2 through 10.2.16
  • Tableau Server on Windows 10.3 through 10.3.16
  • Tableau Server on Windows 10.4 through 10.4.12
  • Tableau Server on Windows 10.5 through 10.5.11
  • Tableau Server on Windows 2018.1 through 2018.1.8
  • Tableau Server on Windows 2018.2 through 2018.2.5
  • Tableau Server on Windows 2018.3 through 2018.3.2

  • Tableau Server on Linux 10.5 through 10.5.11
  • Tableau Server on Linux 2018.1 through 2018.1.8
  • Tableau Server on Linux 2018.2 through 2018.2.5
  • Tableau Server on Linux 2018.3 through 2018.3.2

 

Resolved in versions:

 

  • Tableau Server on Windows 10.0.22
  • Tableau Server on Windows 10.1.21
  • Tableau Server on Windows 10.2.17
  • Tableau Server on Windows 10.3.17
  • Tableau Server on Windows 10.4.13
  • Tableau Server on Windows 10.5.12
  • Tableau Server on Windows 2018.1.9
  • Tableau Server on Windows 2018.2.6
  • Tableau Server on Windows 2018.3.3

  • Tableau Server on Linux 10.5.12
  • Tableau Server on Linux 2018.1.9
  • Tableau Server on Linux 2018.2.6
  • Tableau Server on Linux 2018.3.3

 

Tableau Desktop (Back to top of page)

Severity: N/A

CVSS3 Score: N/A
Product specific notes: Not affected.

 

Tableau Bridge (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected

 

Tableau Prep (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.

 

Tableau Reader (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not Affected.

 

Tableau Mobile (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.

 

Tableau Public Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.