CVSS: 5.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-10183 – Arbitrary File Write Vulnerability in Jamf Remote Assist Leading to Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-10183
A vulnerability in Jamf Pro's Jamf Remote Assist tool allows a local, non-privileged user to escalate their privileges to root on MacOS systems. • https://learn.jamf.com/en-US/bundle/jamf-remote-assist-release-notes/page/Jamf_Remote_Assist_Release_History.html#ariaid-title4 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4395 – Lack of Client Validation in Jamf Compliance Editor's Helper Service May Result in Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-4395
The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation. El servicio XPC dentro de la funcionalidad de auditoría de Jamf Compliance Editor anterior a la versión 1.3.1 en macOS puede provocar una escalada de privilegios locales. • https://github.com/Jamf-Concepts/jamf-compliance-editor/raw/v1.3.1/Jamf%20Compliance%20Editor%20-%20User%20Guide.pdf https://github.com/Jamf-Concepts/jamf-compliance-editor/releases/download/v1.3.1/JamfComplianceEditor.v1.3.1.pkg https://khronokernel.com/macos/2024/05/01/CVE-2024-4395.html https://trusted.jamf.com/docs/establishing-compliance-baselines#support • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31224
https://notcve.org/view.php?id=CVE-2023-31224
There is broken access control during authentication in Jamf Pro Server before 10.46.1. Hay un control de acceso roto durante la autenticación en Jamf Pro Server anterior a 10.46.1. • https://learn.jamf.com/bundle/jamf-pro-release-notes-10.47.0/page/Resolved_Issues.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29564
https://notcve.org/view.php?id=CVE-2022-29564
Jamf Private Access before 2022-05-16 has Incorrect Access Control, in which an unauthorized user can reach a system in the internal infrastructure, aka WND-44801. Jamf Private Access versiones anteriores a 16-05-2022, presenta un Control de Acceso Incorrecto, en el que un usuario no autorizado puede alcanzar un sistema en la infraestructura interna, también se conoce como WND-44801 • https://github.com/wandera/public-disclosures/blob/master/CVE-2022-29564.md https://jamf.com •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-40809
https://notcve.org/view.php?id=CVE-2021-40809
An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows. Se ha detectado un problema en Jamf Pro versiones anteriores a 10.32.0, también se conoce como PI-009921. Una cuenta puede recibir privilegios incorrectos en respuesta a la autenticación que usa flujos de trabajo de inicio de sesión específicos • https://blog.assetnote.io/2021/11/30/jamf-ssrf https://docs.jamf.com/10.32.0/jamf-pro/release-notes/Resolved_Issues.html https://www.jamf.com/resources/product-documentation/jamf-pro-release-notes • CWE-918: Server-Side Request Forgery (SSRF) •