CVEs-PoC/2021/CVE-2021-1629.md

### [CVE-2021-1629](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1629)
![](https://img.shields.io/static/v1?label=Product&message=Tableau&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Tableau%20Server%20versions%20affected%20on%20both%20Windows%20and%20Linux%20are%3A%202019.4%20through%202019.4.17%202020.1%20through%202020.1.13%202020.2%20through%202020.2.10%202020.3%20through%202020.3.6%202020.4%20through%202020.4.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Other%20or%20Unknown&color=brightgreen)

### Description

Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users.

### POC

#### Reference
- http://packetstormsecurity.com/files/162138/Tableau-Server-Open-Redirection.html
- http://seclists.org/fulldisclosure/2021/Apr/22

#### Github
No PoCs found on GitHub currently.