Highest overall severity: Medium


Summary:

A workbook published to Tableau Server with a datasource that has been set to "Publish Separately" and an authentication choice of "Prompt" will publish in an unexpected way. The separate datasource will be published with authentication set to "Prompt". However, the workbook will be published with a connection to the new datasource and the authentication is set to "Embedded Password".


Impact:

A Tableau Server user that has access to the workbook will be able to open the workbook and use the embedded credentials to connect to the datasource.


Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep Builder | Tableau Reader | Tableau Mobile | Tableau Public Desktop
Versions that are no longer supported are not tested and may be vulnerable.


Tableau Server

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Desktop (Back to top of page)

Severity: Medium
CVSS3 Score: AV:N AC:L PR:L UI:N S:U C:H I:N A:N - 6.5 Medium


Vulnerable versions:

  • Tableau Desktop on Windows 10.2 through 10.2.20
  • Tableau Desktop on Windows 10.3 through 10.3.20
  • Tableau Desktop on Windows 10.4 through 10.4.16
  • Tableau Desktop on Windows 10.5 through 10.5.15
  • Tableau Desktop on Windows 2018.1 through 2018.1.12
  • Tableau Desktop on Windows 2018.2 through 2018.2.9
  • Tableau Desktop on Windows 2018.3 through 2018.3.6
  • Tableau Desktop on Windows 2019.1 through 2019.1.3

  • Tableau Desktop on Mac 10.2 through 10.2.20
  • Tableau Desktop on Mac 10.3 through 10.3.20
  • Tableau Desktop on Mac 10.4 through 10.4.16
  • Tableau Desktop on Mac 10.5 through 10.5.15
  • Tableau Desktop on Mac 2018.1 through 2018.1.12
  • Tableau Desktop on Mac 2018.2 through 2018.2.9
  • Tableau Desktop on Mac 2018.3 through 2018.3.6
  • Tableau Desktop on Mac 2019.1 through 2019.1.3


Resolved in versions:

  • Tableau Desktop on Windows 10.2.21
  • Tableau Desktop on Windows 10.3.21
  • Tableau Desktop on Windows 10.4.17
  • Tableau Desktop on Windows 10.5.16
  • Tableau Desktop on Windows 2018.1.13
  • Tableau Desktop on Windows 2018.2.10
  • Tableau Desktop on Windows 2018.3.7
  • Tableau Desktop on Windows 2019.1.4

  • Tableau Desktop on Mac 10.2.21
  • Tableau Desktop on Mac 10.3.21
  • Tableau Desktop on Mac 10.4.17
  • Tableau Desktop on Mac 10.5.16
  • Tableau Desktop on Mac 2018.1.13
  • Tableau Desktop on Mac 2018.2.10
  • Tableau Desktop on Mac 2018.3.7
  • Tableau Desktop on Mac 2019.1.4


Tableau Bridge (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Prep Builder (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Reader (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Mobile (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Public Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.