Required CVE Record Information
Description
The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation.
CVSS 1 Total
Score | Severity | Version | Vector String |
---|---|---|---|
7.3 | HIGH | 4.0 | CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:N/R:U/V:D/RE:M/U:Green |
References 4 Total
- https://khronokernel.com/macos/2024/05/01/CVE-2024-4395.html (technical-description, third-party-advisory)
- https://github.com/Jamf-Concepts/jamf-compliance-editor/raw/v1.3.1/Jamf%20Compliance%20Editor%20-%20User%20Guide.pdf (vendor-advisory, release-notes)
- https://trusted.jamf.com/docs/establishing-compliance-baselines#support (product, patch)
- https://github.com/Jamf-Concepts/jamf-compliance-editor/releases/download/v1.3.1/JamfComplianceEditor.v1.3.1.pkg (patch)
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- https://khronokernel.com/macos/2024/05/01/CVE-2024-4395.html (technical-description, third-party-advisory, x_transferred)
- https://github.com/Jamf-Concepts/jamf-compliance-editor/raw/v1.3.1/Jamf%20Compliance%20Editor%20-%20User%20Guide.pdf (vendor-advisory, release-notes, x_transferred)
- https://trusted.jamf.com/docs/establishing-compliance-baselines#support (product, patch, x_transferred)
- https://github.com/Jamf-Concepts/jamf-compliance-editor/releases/download/v1.3.1/JamfComplianceEditor.v1.3.1.pkg (patch, x_transferred)