CVE-2024-4395

Published: Jun 27, 2024Modified: Nov 21, 2024

7.3

Vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:M/U:Green

Show more

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:M/U:GreenShow less

Source: 67325c3f-c596-46c5-a235-e1a1e73abe4e (Secondary)

Description

The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation.

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (8)

https://github.com/Jamf-Concepts/jamf-compliance-editor/raw/v1.3.1/Jamf%20Compliance%20Editor%20-%20User%20Guide.pdf

Source: 67325c3f-c596-46c5-a235-e1a1e73abe4e

https://github.com/Jamf-Concepts/jamf-compliance-editor/releases/download/v1.3.1/JamfComplianceEditor.v1.3.1.pkg

Source: 67325c3f-c596-46c5-a235-e1a1e73abe4e

https://khronokernel.com/macos/2024/05/01/CVE-2024-4395.html

Source: 67325c3f-c596-46c5-a235-e1a1e73abe4e

https://trusted.jamf.com/docs/establishing-compliance-baselines#support

Source: 67325c3f-c596-46c5-a235-e1a1e73abe4e

https://github.com/Jamf-Concepts/jamf-compliance-editor/raw/v1.3.1/Jamf%20Compliance%20Editor%20-%20User%20Guide.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/Jamf-Concepts/jamf-compliance-editor/releases/download/v1.3.1/JamfComplianceEditor.v1.3.1.pkg

Source: af854a3a-2127-422b-91ae-364da2661108

https://khronokernel.com/macos/2024/05/01/CVE-2024-4395.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://trusted.jamf.com/docs/establishing-compliance-baselines#support

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.