CVE-2024-4395 (GCVE-0-2024-4395)
Vulnerability from cvelistv5 – Published: 2024-06-27 21:28 – Updated: 2024-08-01 20:40
VLAI?
Title
Lack of Client Validation in Jamf Compliance Editor's Helper Service May Result in Privilege Escalation
Summary
The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JAMF | Jamf Compliance Editor |
Affected:
1 , < 1.3.1
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jamf:jamf_compliance_editor:1.3.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jamf_compliance_editor",
"vendor": "jamf",
"versions": [
{
"lessThan": "1.3.1",
"status": "affected",
"version": "1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-4395",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T14:38:43.447648Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T14:44:50.624Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:40:47.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"technical-description",
"third-party-advisory",
"x_transferred"
],
"url": "https://khronokernel.com/macos/2024/05/01/CVE-2024-4395.html"
},
{
"tags": [
"vendor-advisory",
"release-notes",
"x_transferred"
],
"url": "https://github.com/Jamf-Concepts/jamf-compliance-editor/raw/v1.3.1/Jamf%20Compliance%20Editor%20-%20User%20Guide.pdf"
},
{
"tags": [
"product",
"patch",
"x_transferred"
],
"url": "https://trusted.jamf.com/docs/establishing-compliance-baselines#support"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/Jamf-Concepts/jamf-compliance-editor/releases/download/v1.3.1/JamfComplianceEditor.v1.3.1.pkg"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"MacOS"
],
"product": "Jamf Compliance Editor",
"vendor": "JAMF",
"versions": [
{
"lessThan": "1.3.1",
"status": "affected",
"version": "1",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-05-01T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation.\u003c/p\u003e"
}
],
"value": "The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:N/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T21:28:35.198Z",
"orgId": "67325c3f-c596-46c5-a235-e1a1e73abe4e",
"shortName": "JAMF"
},
"references": [
{
"tags": [
"technical-description",
"third-party-advisory"
],
"url": "https://khronokernel.com/macos/2024/05/01/CVE-2024-4395.html"
},
{
"tags": [
"vendor-advisory",
"release-notes"
],
"url": "https://github.com/Jamf-Concepts/jamf-compliance-editor/raw/v1.3.1/Jamf%20Compliance%20Editor%20-%20User%20Guide.pdf"
},
{
"tags": [
"product",
"patch"
],
"url": "https://trusted.jamf.com/docs/establishing-compliance-baselines#support"
},
{
"tags": [
"patch"
],
"url": "https://github.com/Jamf-Concepts/jamf-compliance-editor/releases/download/v1.3.1/JamfComplianceEditor.v1.3.1.pkg"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to Jamf Compliance Editor 1.3.1"
}
],
"value": "Upgrade to Jamf Compliance Editor 1.3.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Lack of Client Validation in Jamf Compliance Editor\u0027s Helper Service May Result in Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "67325c3f-c596-46c5-a235-e1a1e73abe4e",
"assignerShortName": "JAMF",
"cveId": "CVE-2024-4395",
"datePublished": "2024-06-27T21:28:35.198Z",
"dateReserved": "2024-05-01T17:32:09.801Z",
"dateUpdated": "2024-08-01T20:40:47.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation.\"}, {\"lang\": \"es\", \"value\": \"El servicio XPC dentro de la funcionalidad de auditor\\u00eda de Jamf Compliance Editor anterior a la versi\\u00f3n 1.3.1 en macOS puede provocar una escalada de privilegios locales.\"}]",
"id": "CVE-2024-4395",
"lastModified": "2024-11-21T09:42:45.670",
"metrics": "{\"cvssMetricV40\": [{\"source\": \"67325c3f-c596-46c5-a235-e1a1e73abe4e\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:M/U:Green\", \"baseScore\": 7.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"ACTIVE\", \"vulnerableSystemConfidentiality\": \"HIGH\", \"vulnerableSystemIntegrity\": \"HIGH\", \"vulnerableSystemAvailability\": \"HIGH\", \"subsequentSystemConfidentiality\": \"HIGH\", \"subsequentSystemIntegrity\": \"HIGH\", \"subsequentSystemAvailability\": \"HIGH\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NEGLIGIBLE\", \"automatable\": \"NO\", \"recovery\": \"USER\", \"valueDensity\": \"DIFFUSE\", \"vulnerabilityResponseEffort\": \"MODERATE\", \"providerUrgency\": \"GREEN\"}}], \"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
"published": "2024-06-27T22:15:10.653",
"references": "[{\"url\": \"https://github.com/Jamf-Concepts/jamf-compliance-editor/raw/v1.3.1/Jamf%20Compliance%20Editor%20-%20User%20Guide.pdf\", \"source\": \"67325c3f-c596-46c5-a235-e1a1e73abe4e\"}, {\"url\": \"https://github.com/Jamf-Concepts/jamf-compliance-editor/releases/download/v1.3.1/JamfComplianceEditor.v1.3.1.pkg\", \"source\": \"67325c3f-c596-46c5-a235-e1a1e73abe4e\"}, {\"url\": \"https://khronokernel.com/macos/2024/05/01/CVE-2024-4395.html\", \"source\": \"67325c3f-c596-46c5-a235-e1a1e73abe4e\"}, {\"url\": \"https://trusted.jamf.com/docs/establishing-compliance-baselines#support\", \"source\": \"67325c3f-c596-46c5-a235-e1a1e73abe4e\"}, {\"url\": \"https://github.com/Jamf-Concepts/jamf-compliance-editor/raw/v1.3.1/Jamf%20Compliance%20Editor%20-%20User%20Guide.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/Jamf-Concepts/jamf-compliance-editor/releases/download/v1.3.1/JamfComplianceEditor.v1.3.1.pkg\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://khronokernel.com/macos/2024/05/01/CVE-2024-4395.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://trusted.jamf.com/docs/establishing-compliance-baselines#support\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "67325c3f-c596-46c5-a235-e1a1e73abe4e",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-4395\",\"sourceIdentifier\":\"67325c3f-c596-46c5-a235-e1a1e73abe4e\",\"published\":\"2024-06-27T22:15:10.653\",\"lastModified\":\"2024-11-21T09:42:45.670\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation.\"},{\"lang\":\"es\",\"value\":\"El servicio XPC dentro de la funcionalidad de auditor\u00eda de Jamf Compliance Editor anterior a la versi\u00f3n 1.3.1 en macOS puede provocar una escalada de privilegios locales.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"67325c3f-c596-46c5-a235-e1a1e73abe4e\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:M/U:Green\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NEGLIGIBLE\",\"Automatable\":\"NO\",\"Recovery\":\"USER\",\"valueDensity\":\"DIFFUSE\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"GREEN\"}}],\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"references\":[{\"url\":\"https://github.com/Jamf-Concepts/jamf-compliance-editor/raw/v1.3.1/Jamf%20Compliance%20Editor%20-%20User%20Guide.pdf\",\"source\":\"67325c3f-c596-46c5-a235-e1a1e73abe4e\"},{\"url\":\"https://github.com/Jamf-Concepts/jamf-compliance-editor/releases/download/v1.3.1/JamfComplianceEditor.v1.3.1.pkg\",\"source\":\"67325c3f-c596-46c5-a235-e1a1e73abe4e\"},{\"url\":\"https://khronokernel.com/macos/2024/05/01/CVE-2024-4395.html\",\"source\":\"67325c3f-c596-46c5-a235-e1a1e73abe4e\"},{\"url\":\"https://trusted.jamf.com/docs/establishing-compliance-baselines#support\",\"source\":\"67325c3f-c596-46c5-a235-e1a1e73abe4e\"},{\"url\":\"https://github.com/Jamf-Concepts/jamf-compliance-editor/raw/v1.3.1/Jamf%20Compliance%20Editor%20-%20User%20Guide.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/Jamf-Concepts/jamf-compliance-editor/releases/download/v1.3.1/JamfComplianceEditor.v1.3.1.pkg\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://khronokernel.com/macos/2024/05/01/CVE-2024-4395.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://trusted.jamf.com/docs/establishing-compliance-baselines#support\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://khronokernel.com/macos/2024/05/01/CVE-2024-4395.html\", \"tags\": [\"technical-description\", \"third-party-advisory\", \"x_transferred\"]}, {\"url\": \"https://github.com/Jamf-Concepts/jamf-compliance-editor/raw/v1.3.1/Jamf%20Compliance%20Editor%20-%20User%20Guide.pdf\", \"tags\": [\"vendor-advisory\", \"release-notes\", \"x_transferred\"]}, {\"url\": \"https://trusted.jamf.com/docs/establishing-compliance-baselines#support\", \"tags\": [\"product\", \"patch\", \"x_transferred\"]}, {\"url\": \"https://github.com/Jamf-Concepts/jamf-compliance-editor/releases/download/v1.3.1/JamfComplianceEditor.v1.3.1.pkg\", \"tags\": [\"patch\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T20:40:47.140Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-4395\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-28T14:38:43.447648Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:jamf:jamf_compliance_editor:1.3.1:*:*:*:*:*:*:*\"], \"vendor\": \"jamf\", \"product\": \"jamf_compliance_editor\", \"versions\": [{\"status\": \"affected\", \"version\": \"1\", \"lessThan\": \"1.3.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269 Improper Privilege Management\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-28T14:40:03.987Z\"}}], \"cna\": {\"title\": \"Lack of Client Validation in Jamf Compliance Editor\u0027s Helper Service May Result in Privilege Escalation\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-233\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-233 Privilege Escalation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NEGLIGIBLE\", \"version\": \"4.0\", \"Recovery\": \"USER\", \"baseScore\": 7.3, \"Automatable\": \"NO\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"DIFFUSE\", \"vectorString\": \"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:N/R:U/V:D/RE:M/U:Green\", \"providerUrgency\": \"GREEN\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"JAMF\", \"product\": \"Jamf Compliance Editor\", \"versions\": [{\"status\": \"affected\", \"version\": \"1\", \"lessThan\": \"1.3.1\", \"versionType\": \"custom\"}], \"platforms\": [\"MacOS\"], \"defaultStatus\": \"affected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Upgrade to Jamf Compliance Editor 1.3.1\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Upgrade to Jamf Compliance Editor 1.3.1\", \"base64\": false}]}], \"datePublic\": \"2024-05-01T07:00:00.000Z\", \"references\": [{\"url\": \"https://khronokernel.com/macos/2024/05/01/CVE-2024-4395.html\", \"tags\": [\"technical-description\", \"third-party-advisory\"]}, {\"url\": \"https://github.com/Jamf-Concepts/jamf-compliance-editor/raw/v1.3.1/Jamf%20Compliance%20Editor%20-%20User%20Guide.pdf\", \"tags\": [\"vendor-advisory\", \"release-notes\"]}, {\"url\": \"https://trusted.jamf.com/docs/establishing-compliance-baselines#support\", \"tags\": [\"product\", \"patch\"]}, {\"url\": \"https://github.com/Jamf-Concepts/jamf-compliance-editor/releases/download/v1.3.1/JamfComplianceEditor.v1.3.1.pkg\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation.\u003c/p\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"67325c3f-c596-46c5-a235-e1a1e73abe4e\", \"shortName\": \"JAMF\", \"dateUpdated\": \"2024-06-27T21:28:35.198Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-4395\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T20:40:47.140Z\", \"dateReserved\": \"2024-05-01T17:32:09.801Z\", \"assignerOrgId\": \"67325c3f-c596-46c5-a235-e1a1e73abe4e\", \"datePublished\": \"2024-06-27T21:28:35.198Z\", \"assignerShortName\": \"JAMF\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…