Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tableau_server | Tableau | 2018.2 (including) | 2018.2.27 (including) |
| Tableau_server | Tableau | 2018.3 (including) | 2018.3.24 (including) |
| Tableau_server | Tableau | 2019.1 (including) | 2019.1.22 (including) |
| Tableau_server | Tableau | 2019.2 (including) | 2019.2.18 (including) |
| Tableau_server | Tableau | 2019.3 (including) | 2019.3.14 (including) |
| Tableau_server | Tableau | 2019.4 (including) | 2019.4.13 (including) |
| Tableau_server | Tableau | 2020.1 (including) | 2020.1.10 (including) |
| Tableau_server | Tableau | 2020.2 (including) | 2020.2.7 (including) |
| Tableau_server | Tableau | 2020.3 (including) | 2020.3.2 (including) |
References
- https://help.salesforce.com/articleView?id=000355686\u0026type=1\u0026mode=1
- https://help.salesforce.com/articleView?id=000355686\u0026type=1\u0026mode=1