CVE-2020-6939 : Exploit Details and Defense Strategies

CVE-2020-6939 affects Tableau Server versions 2018.2 through 2020.3. Installations configured with Site-Specific SAML are vulnerable to account takeover due to incorrect access control. This page covers the impact, technical details, and mitigation steps.

Understanding CVE-2020-6939

Tableau Server versions 2018.2 through 2020.3 are affected by an access control vulnerability that could lead to account compromise.

What is CVE-2020-6939?

Tableau Server instances with Site-Specific SAML allowing unauthenticated API access are at risk. Exploiting this flaw could enable unauthorized users to manipulate SAML settings, potentially resulting in account hijacking.

The Impact of CVE-2020-6939

        Unauthorized users can exploit the vulnerability to access and modify SAML settings, leading to account takeover.

Technical Details of CVE-2020-6939

The vulnerability stems from incorrect access control in Tableau Server.

Vulnerability Description

        Incorrectly configured Site-Specific SAML settings allow unauthenticated users to access APIs, posing a security risk.

Affected Systems and Versions

        Tableau Server versions 2018.2 through 2020.3 are affected on both Windows and Linux.

Exploitation Mechanism

        Malicious users can exploit the vulnerability to manipulate SAML settings and potentially take over user accounts.

Mitigation and Prevention

Implement immediate and long-term security measures to safeguard against CVE-2020-6939.

Immediate Steps to Take

        Disable unauthenticated API access and review SAML configurations.
        Monitor for unauthorized changes to SAML settings.
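
One way to monitor for unauthorized changes to SAML settings is to compare a trusted baseline of each site's settings against a current snapshot. The following is an added example, not code from Tableau or from this page; the snapshot layout, field names and sample values are assumptions constructed for illustration.

```python
# Drift check for per-site SAML settings.
# Snapshot layout and field names are hypothetical, not a Tableau export format;
# map them to whatever your own export of site SAML settings contains.
WATCHED_FIELDS = ("enabled", "idp_entity_id", "idp_sso_url", "idp_cert_sha256")


def diff_saml(baseline, current):
    """Compare two {site: settings} snapshots; return (site, kind, fields) findings."""
    findings = []
    for site in sorted(set(baseline) | set(current)):
        old = baseline.get(site)
        new = current.get(site)
        if old is None:
            kind = "site-added"
        elif new is None:
            kind = "site-removed"
        else:
            kind = "settings-changed"
        # Fields whose value differs between baseline and current snapshot.
        changed = [f for f in WATCHED_FIELDS
                   if (old or {}).get(f) != (new or {}).get(f)]
        # Added or removed sites are always reported, even with empty settings.
        if changed or kind != "settings-changed":
            findings.append((site, kind, changed))
    return findings


# Constructed sample snapshots (not real Tableau output).
BASELINE = {
    "finance": {"enabled": True, "idp_entity_id": "https://idp.example.com/metadata",
                "idp_sso_url": "https://idp.example.com/sso", "idp_cert_sha256": "aa11"},
    "sales": {"enabled": False, "idp_entity_id": None,
              "idp_sso_url": None, "idp_cert_sha256": None},
}
CURRENT = {
    # IdP endpoint and certificate replaced on a site that already used SAML.
    "finance": {"enabled": True, "idp_entity_id": "https://idp.example.com/metadata",
                "idp_sso_url": "https://sso.example.net/login", "idp_cert_sha256": "bb22"},
    # SAML switched on for a site that had it disabled in the baseline.
    "sales": {"enabled": True, "idp_entity_id": "https://sso.example.net/metadata",
              "idp_sso_url": "https://sso.example.net/login", "idp_cert_sha256": "bb22"},
}

if __name__ == "__main__":
    for site, kind, fields in diff_saml(BASELINE, CURRENT):
        print(f"ALERT site={site} kind={kind} fields={','.join(fields)}")
```

Any finding that does not match an approved change request should be treated as a possible sign of tampering and investigated before the baseline is updated.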

Long-Term Security Practices

        Regularly update Tableau Server to the latest version.
        Conduct security audits to identify and address access control issues.
        Educate users on secure SAML configuration practices.

Patching and Updates

        Apply security patches provided by Tableau to address the vulnerability.
