TAN-2026-003
Tanium addressed an insecure file permissions vulnerability.
Severity: Medium
Base Score: 6.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Impact
This vulnerability could allow an attacker with access to the system running the Enforce Recovery Key Portal to gain read-only access to data they should not have access to.
Products Affected
- Enforce Recovery Key Portal from v1.0.0 prior to v1.62.5
Available Updates
- Enforce Recovery Key Portal v1.62.5
Customers should download the latest Enforce Recovery Key Portal from the Enforce workbench in the Tanium Console.
Additionally, users may take the following actions if they believe the Enforce Recovery Key Portal installation folder could have been accessed by an unauthorized party:
- Rotate the server key during the installation.
- Rotate the API token.
- Rotate the recovery keys.
See https://help.tanium.com/bundle/ug_enforce_cloud/page/enforce/recovery-portal.html for more information.
Workaround and Mitigations
None.
Acknowledgements
None.