Highest overall severity: Medium

 

Summary:

In certain circumstances, a flow may attempt to use the wrong authentication value when connecting to a datasource.

 

Impact:

The flow will fail to run. The authentication values will be sent to the wrong datasource. This can happen in both Tableau Prep Builder and Tableau Prep Conductor.

 


Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep Builder | Tableau Reader | Tableau Mobile | Tableau Public Desktop
Versions that are no longer supported are not tested and may be vulnerable.

 

Tableau Server

Severity: Medium
CVSS3 Score: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N - 5.7 Medium

 

Product Specific Notes:

This only affects Tableau Server with the Data Management Add-On. The wrong authentication value can come from a flow published to a different site on Tableau Server than the site that the current flow is published on.

 

Vulnerable versions:

  • Tableau Server on Linux 2019.1.0 through 2019.1.8
  • Tableau Server on Linux 2019.2.0 through 2019.2.4
  • Tableau Server on Linux 2019.3.0 through 2019.3.0

  • Tableau Server on Windows 2019.1.0 through 2019.1.8
  • Tableau Server on Windows 2019.2.0 through 2019.2.4
  • Tableau Server on Windows 2019.3.0 through 2019.3.0

 

Resolved in versions:

  • Tableau Server on Linux 2019.1.9
  • Tableau Server on Linux 2019.2.5
  • Tableau Server on Linux 2019.3.1

  • Tableau Server on Windows 2019.1.9
  • Tableau Server on Windows 2019.2.5
  • Tableau Server on Windows 2019.3.1

 

Tableau Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Bridge (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Prep Builder (Back to top of page)

Severity: Medium
CVSS3 Score: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N - 6.5 Medium

 

Product Specific Notes:

A use that opens a malicious flow must authenticate to datasources before this vulnerability can be triggered.

 

Vulnerable versions:

  • Tableau Prep Builder on Mac 2018.1.1 through 2019.3.2

  • Tableau Prep Builder on Windows 2018.1.1 through 2019.3.2

 

Resolved in versions:

  • Tableau Prep Builder on Mac 2019.4.1

 

  • Tableau Prep Builder on Windows 2019.4.1

 

Tableau Reader (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Mobile (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Public Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.