CVE-2021-39303

Опубликовано: 12 нояб. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability.

Ссылки

https://blog.assetnote.io/2021/11/30/jamf-ssrf/
Exploit
Third Party Advisory
https://community.jamf.com/t5/jamf-pro/what-s-new-in-jamf-pro-10-32-release/m-p/246505
Vendor Advisory
https://docs.jamf.com/10.32.0/jamf-pro/release-notes/Resolved_Issues.html
Release Notes
Vendor Advisory
https://www.jamf.com/resources/product-documentation/jamf-pro-release-notes/
Release Notes
Vendor Advisory
https://blog.assetnote.io/2021/11/30/jamf-ssrf/
Exploit
Third Party Advisory
https://community.jamf.com/t5/jamf-pro/what-s-new-in-jamf-pro-10-32-release/m-p/246505
Vendor Advisory
https://docs.jamf.com/10.32.0/jamf-pro/release-notes/Resolved_Issues.html
Release Notes
Vendor Advisory
https://www.jamf.com/resources/product-documentation/jamf-pro-release-notes/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jamf:jamf:*:*:*:*:pro:*:*:*

Версия до 10.32.0 (исключая)

EPSS

Процентиль: 72%

0.00731

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-918

Связанные уязвимости

GHSA-2f86-pr4w-rpg5

github

больше 3 лет назад

The server in Jamf Pro before 10.32.0 has a vulnerability affecting integrity and availability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability.