[Important] ADV-2017-022: Site SAML logs are available to non-administrator users on Tableau Server

Version 1

    Severity: Medium

    Summary: A vulnerable version of Tableau Server configured for Site SAML contains a flaw that can be exploited by an authenticated user. The user, after authenticating to a given site, can access the log file for the same site. The log file contains information about the SAML Responses, including which users have accessed the server.

    Impact: An authenticated user can gain detailed information about other users' SAML Responses.

    Vulnerable Version: 10.4.0

    Resolution: The issue can be fixed by upgrading to the following version:

    Tableau Server 10.4.1