Tableau Security Notification - Server-Side Request Forgery

Published: 01 Aug 2023
Last Modified Date: 07 Sep 2023


On August 1, 2023 Tableau emailed portal admins and security point of contacts for all active Tableau Server accounts about a server-side request forgery (SSRF) vulnerability in Tableau Server which could allow a malicious actor with the ability to authenticate into your instance of Tableau Server to access data hosted on your Tableau Server’s network that does not require authentication. Tableau has assigned a CVSSv3 score as a 7.7.


This vulnerability impacts all currently supported versions of Tableau Server released on or before June 29, 2023, which include 2021.3 - 2021.3.24, 2021.4 - 2021.4.19, 2022.1 - 2022.1.15, 2022.3 - 2022.3.7, and 2023.1 - 2023.1.3, respectively.


On August 1, 2023, Tableau released a new version of Tableau Server and removed all impacted versions of Tableau Server from our website for public download. The released versions include: 2023.1.4, 2022.3.8, 2022.1.16, 2021.4.20, and 2021.3.25, which are available for download on the Tableau Server Maintenance Release page.
Did this article resolve the issue?