Jun 27, 2024 - 9:28 p.m.

CVE-2024-4395 Lack of Client Validation in Jamf Compliance Editor's Helper Service May Result in Privilege Escalation

2024-06-27 21:28:35
JAMF
www.cve.org
cve-2024-4395
jamf compliance editor
privilege escalation
xpc service
macos

CVSS4: 7.3 High

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: ACTIVE

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H/S:N/AU:N/U:Green/R:U/V:D/RE:M

EPSS: 0.0004 Low
Percentile: 15.7%

The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "platforms": [
      "MacOS"
    ],
    "product": "Jamf Compliance Editor",
    "vendor": "JAMF",
    "versions": [
      {
        "lessThan": "1.3.1",
        "status": "affected",
        "version": "1",
        "versionType": "custom"
      }
    ]
  }
]
