CVE-2020-6938 : Security Advisory and Response

A sensitive information disclosure vulnerability in Tableau Server versions 10.5, 2018.x, 2019.x, and 2020.x could allow unauthorized access to sensitive information in log files.

Understanding CVE-2020-6938

This CVE identifies a vulnerability in Tableau Server that could lead to the exposure of sensitive data.

What is CVE-2020-6938?

The vulnerability in Tableau Server versions 10.5, 2018.x, 2019.x, and 2020.x, if released before June 26, 2020, allows attackers to access confidential information stored in log files.

The Impact of CVE-2020-6938

The vulnerability poses a risk of unauthorized access to sensitive data, potentially leading to data breaches and privacy violations.

Technical Details of CVE-2020-6938

This section provides technical insights into the vulnerability.

Vulnerability Description

The vulnerability in Tableau Server versions 10.5, 2018.x, 2019.x, and 2020.x allows attackers to exploit log files to access sensitive information.

Affected Systems and Versions

Product: Tableau
Versions: 10.5, 2018.1, 2018.2, 2018.3, 2019.1, 2019.2, 2019.3, 2019.4, 2020.1, 2020.2

Exploitation Mechanism

Attackers can exploit this vulnerability by gaining unauthorized access to log files in Tableau Server versions mentioned above.

Mitigation and Prevention

Protect your systems from this vulnerability with the following steps:

Immediate Steps to Take

Update Tableau Server to a patched version that addresses the vulnerability.
Monitor log files for any unauthorized access or suspicious activities.

Long-Term Security Practices

Regularly update Tableau Server to the latest versions to ensure security patches are applied.
Implement access controls and encryption mechanisms to safeguard sensitive data.

Patching and Updates

Ensure timely installation of security patches and updates for Tableau Server to mitigate the risk of sensitive information disclosure.