Vulnerabilities > CVE-2021-39303 - Server-Side Request Forgery (SSRF) vulnerability in Jamf
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://blog.assetnote.io/2021/11/30/jamf-ssrf/
- https://blog.assetnote.io/2021/11/30/jamf-ssrf/
- https://community.jamf.com/t5/jamf-pro/what-s-new-in-jamf-pro-10-32-release/m-p/246505
- https://community.jamf.com/t5/jamf-pro/what-s-new-in-jamf-pro-10-32-release/m-p/246505
- https://docs.jamf.com/10.32.0/jamf-pro/release-notes/Resolved_Issues.html
- https://docs.jamf.com/10.32.0/jamf-pro/release-notes/Resolved_Issues.html
- https://www.jamf.com/resources/product-documentation/jamf-pro-release-notes/
- https://www.jamf.com/resources/product-documentation/jamf-pro-release-notes/