Broken Access Control in Jamf Pro Server Affects User Authentication
CVE-2023-31224

9.8CRITICAL

Key Information:

Vendor: Jamf
Status: Jamf
Vendor: CVE Published:; 25 December 2023

What is CVE-2023-31224?

The vulnerability in Jamf Pro Server prior to version 10.46.1 allows unauthorized access during authentication, potentially compromising user accounts and sensitive information. This issue stems from improper access control measures, which could be exploited by attackers to gain access to functionalities and data that they should not be able to reach.

References

https://learn.jamf.com/bundle/jamf-pro-release-notes-10.4...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 25, 2023
Vulnerability Reserved
Apr 25, 2023