KNOWLEDGE BASE

Tableau Security Notification - Server-Side Request Forgery

Published: 01 Aug 2023
Last Modified Date: 07 Sep 2023

Issue

On August 1, 2023 Tableau emailed portal admins and security point of contacts for all active Tableau Server accounts about a server-side request forgery (SSRF) vulnerability in Tableau Server which could allow a malicious actor with the ability to authenticate into your instance of Tableau Server to access data hosted on your Tableau Server’s network that does not require authentication. Tableau has assigned a CVSSv3 score as a 7.7.

Environment

This vulnerability impacts all currently supported versions of Tableau Server released on or before June 29, 2023, which include 2021.3 - 2021.3.24, 2021.4 - 2021.4.19, 2022.1 - 2022.1.15, 2022.3 - 2022.3.7, and 2023.1 - 2023.1.3, respectively.

Resolution

On August 1, 2023, Tableau released a new version of Tableau Server and removed all impacted versions of Tableau Server from our website for public download. The released versions include: 2023.1.4, 2022.3.8, 2022.1.16, 2021.4.20, and 2021.3.25, which are available for download on the Tableau Server Maintenance Release page.
Did this article resolve the issue?    
PRINT THIS PAGE
Trending Articles
Attachments


All Support

SUPPORT BY PRODUCT
TOOLS & DOWNLOADS
INFORMATION
ASSISTANCE