Highest overall severity: Medium

 

Summary:

When importing a site into a Tableau Server 2019.2 instance that is running a version prior to 2019.2.3, the permissions templates applied to the content of the new site may be incorrect.

 

Impact:

Users on the new site may not have permissions on the content as they did in the original site. Incorrect permissions may be inherited on existing content such that users have more access than they did in the original site. Additionally, when users create new content on the site, incorrect permissions may be applied similarly: the permissions may give users more access than intended.

 

Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep | Tableau Reader | Tableau Mobile | Tableau Public Desktop
*Versions that are no longer supported are not tested and may be vulnerable.

 

Tableau Server

Severity: Medium
CVSS3 Score: AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N - 4.2 Medium
Product Specific Notes: None.

Vulnerable versions:

  • Tableau Server on Linux 2019.2.0 through 2019.2.2

  • Tableau Server on Windows 2019.2.0 through 2019.2.2

 

Resolved in versions:

  • Tableau Server on Linux 2019.2.3

  • Tableau Server on Windows 2019.2.3

 

Tableau Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Bridge (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Prep (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Reader (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Mobile (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Public Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.