Cross-site request forgery (CSRF) is a client-side attack that is also known as a one-click attack. It showed up in the IBM Security App Scanner as a Medium issue type.
Below are the Vulnerable URLs as per the scan:
/vizportal/api/web/v1/getActionInfo
/vizportal/api/web/v1/getEffectivePermissions
/vizportal/api/web/v1/getExtractTasks 2
/vizportal/api/web/v1/getServerInfo 1
/vizportal/api/web/v1/getServerSettings 1
/vizportal/api/web/v1/getSiteSettingsForServerAdmin
/vizportal/api/web/v1/hasSiteLicensingConsumptionInfo
Are there any mitigation techniques available?
Hello Selva,
If you have a security concern, please create a ticket with Tableau Support at https://support.tableau.com
Thank you
Patrick