Description
Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises. An attacker may craft a URL that appears to be for a customer's Jamf Pro instance, but when clicked will forward a user to an arbitrary URL that may be malicious. This is tracked via Jamf with the following ID: PI-009822
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.jamf.com/resources/product-documentation/jamf-pro-release-notes/
Vendor Advisory x_refsource_misc
https://www.jamf.com/jamf-nation/discussions/39219/jamf-pro-10-30-1-security-upgrade
Scores
CVSS v3
6.1
EPSS
0.0059
EPSS Percentile
43.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (1)
jamf/jamf
< 10.30.1
Published
Jul 12, 2021
Tracked Since
Feb 18, 2026