Highest overall severity: Medium

 

Summary:

Tableau Server logs the password for the private key and keystore at upgrade time when tsm.controlapp.log.level is set to DEBUG.

 

Impact:

An attacker who has access to the log file can decrypt the key and keystore files to obtain the private keys.


Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep Builder | Tableau Reader | Tableau Mobile | Tableau Public Desktop
Versions that are no longer supported are not tested and may be vulnerable.

 

Tableau Server

Severity: Medium
CVSS3 Score: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N - 4.3 Medium
Product Specific Notes: Not affected.

Vulnerable versions:

  • Tableau Server on Linux 2019.2 through 2019.2.2

  • Tableau Server on Windows 2019.2 through 2019.2.2

 

Resolved in versions:

  • Tableau Server on Linux 2019.2.3

  • Tableau Server on Windows 2019.2.3
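
The following triage check is an added example, not code from Tableau or from this advisory. It classifies servers against the two conditions stated above: a version in the 2019.2 through 2019.2.2 range, and tsm.controlapp.log.level set to DEBUG. The hostnames and inventory values are constructed sample data, and treating releases after 2019.2.3 as resolved is an assumption.

```python
import re

# Ranges copied from the advisory: 2019.2 through 2019.2.2 are vulnerable and
# 2019.2.3 resolves the issue (identical for Linux and Windows).
FIRST_VULNERABLE = (2019, 2, 0)
FIRST_FIXED = (2019, 2, 3)


def parse_version(text):
    """Turn '2019.2' or '2019.2.2' into a comparable (year, minor, patch) tuple."""
    m = re.fullmatch(r"(\d{4})\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Tableau Server version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def assess(version, controlapp_log_level):
    """Classify one server against the advisory's conditions."""
    v = parse_version(version)
    debug = controlapp_log_level.strip().upper() == "DEBUG"
    if v >= FIRST_FIXED:
        # Assumption: releases after 2019.2.3 carry the same fix.
        return "resolved"
    if v < FIRST_VULNERABLE:
        # Not listed by the advisory; unsupported versions are untested.
        return "not-listed"
    # In range: the passwords are logged only when the level is DEBUG at upgrade.
    return "vulnerable-debug-enabled" if debug else "vulnerable-debug-off"


def triage(inventory):
    """Map each host to its status."""
    return {host: assess(ver, level) for host, ver, level in inventory}


# Constructed inventory. The level column is the value reported by
# `tsm configuration get -k tsm.controlapp.log.level` on each server.
INVENTORY = [
    ("tab-lin-01", "2019.2", "debug"),
    ("tab-win-02", "2019.2.2", "info"),
    ("tab-lin-03", "2019.2.3", "debug"),
    ("tab-win-04", "2019.1.4", "debug"),
]

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```
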


Tableau Desktop

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Bridge

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Prep Builder

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Reader

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Mobile

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Public Desktop

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.