GoogleOSV:CVE-2024-4395CVE-2024-4395
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
ACTIVE
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H/S:N/AU:N/U:Green/R:U/V:D/RE:M
AI Score
Confidence
High
The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation.
References
github.com/Jamf-Concepts/jamf-compliance-editor/raw/v1.3.1/Jamf%20Compliance%20Editor%20-%20User%20Guide.pdf
github.com/Jamf-Concepts/jamf-compliance-editor/releases/download/v1.3.1/JamfComplianceEditor.v1.3.1.pkg
khronokernel.com/macos/2024/05/01/CVE-2024-4395.html
trusted.jamf.com/docs/establishing-compliance-baselines#support
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
ACTIVE
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H/S:N/AU:N/U:Green/R:U/V:D/RE:M
AI Score
Confidence
High