Created
September 30, 2019 18:16
-
-
Save kitzy/95d1aa273aa08b0c306e6de1017cf835 to your computer and use it in GitHub Desktop.
Details regarding the vulnerability patched in Jamf Pro 10.15.1 and 10.13.1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| In order to help customers understand the severity of security vulnerabilities, Jamf uses the Common Vulnerability Scoring System (CVSS). For more information about CVSS, see https://www.first.org/cvss/. | |
| The CVSS v3.1 score for PI-007507 in version 9.81 is 10.0 (Critical): https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | |
| Jamf Pro Version 10.14 through 10.15 | |
| A request containing specially crafted package could be sent to certain endpoints in Jamf Pro resulting in the deletion of files on the server. | |
| Jamf Pro Version 9.4 through 10.13 | |
| A request containing specially crafted package could be sent to certain endpoints in Jamf Pro resulting in the deletion of files on the server, denial of service (DoS) and or potentially remote code execution (RCE). | |
| It is important to note the following: | |
| This only impacts the Jamf Pro server and does not extend to managed clients or client management functions | |
| This only impacts files on the Jamf Pro server that are accessible to the user that is running the Jamf Pro process | |
| In addition, The CVE ID has been requested and is being processed. We will send an update as soon as we receive it. We’ll also work on being able to provide relevant details to the appropriate parties in a more expedient fashion in the future as well. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment