Highest overall severity: Medium


Summary:

The debug logs that Tableau Mobile generates contain sensitive tokens such as the workgroupsessionid and access_token cookies.


Impact:

A person with access to these debug logs and access to the Tableau Server instance that they are associated with could use them to authenticate to the Tableau Server instance.


Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep Builder | Tableau Reader | Tableau Mobile | Tableau Public Desktop
Versions that are no longer supported are not tested and may be vulnerable.


Tableau Server

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Bridge (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Prep Builder (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Reader (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Mobile (Back to top of page)

Severity: Medium
CVSS3 Score: AV:L AC:L PR:H UI:R S:U C:H I:N A:N - 4.2 Medium

Vulnerable versions:

  • Tableau Mobile 19.225.1731 through 19.402.1795

Resolved in versions:

  • Tableau Mobile 19.430.1863


Tableau Public Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.