CVE-2024-4395
Lack of Client Validation in Jamf Compliance Editor's Helper Service May Result in Privilege Escalation
The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation.
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:N/R:U/V:D/RE:M/U:Green
Affected products
JAMF · Jamf Compliance EditorWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/Jamf-Concepts/jamf-compliance-editor/raw/v1.3.1/Jamf%20Compliance%20Editor%20-%20User%20Guide.pdfhttps://github.com/Jamf-Concepts/jamf-compliance-editor/releases/download/v1.3.1/JamfComplianceEditor.v1.3.1.pkghttps://khronokernel.com/macos/2024/05/01/CVE-2024-4395.htmlhttps://trusted.jamf.com/docs/establishing-compliance-baselines#support