Vulnerability Description
The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jamf | Jamf | < 10.32.0 |
Related Weaknesses (CWE)
References
- https://blog.assetnote.io/2021/11/30/jamf-ssrf/ExploitThird Party Advisory
- https://community.jamf.com/t5/jamf-pro/what-s-new-in-jamf-pro-10-32-release/m-p/Vendor Advisory
- https://docs.jamf.com/10.32.0/jamf-pro/release-notes/Resolved_Issues.htmlRelease NotesVendor Advisory
- https://www.jamf.com/resources/product-documentation/jamf-pro-release-notes/Release NotesVendor Advisory
- https://blog.assetnote.io/2021/11/30/jamf-ssrf/ExploitThird Party Advisory
- https://community.jamf.com/t5/jamf-pro/what-s-new-in-jamf-pro-10-32-release/m-p/Vendor Advisory
- https://docs.jamf.com/10.32.0/jamf-pro/release-notes/Resolved_Issues.htmlRelease NotesVendor Advisory
- https://www.jamf.com/resources/product-documentation/jamf-pro-release-notes/Release NotesVendor Advisory
FAQ
What is CVE-2021-39303?
CVE-2021-39303 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability.
How severe is CVE-2021-39303?
CVE-2021-39303 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-39303?
Check the references section above for vendor advisories and patch information. Affected products include: Jamf Jamf.