Tableau Python Server (TabPy) installations may be configured to execute arbitrary python code without authentication
Latest
·
10 commits
to master
since this release
v2.9.0
An unauthenticated attacker could perform remote code execution on TabPy instances that do not have authentication enabled. This release now requires confirmation to continue when starting TabPy without authentication, with a warning that this is an insecure state and not recommended.