PT-2019-19390 · Jamf · Jamf Self Service

Cookgoh · Published 2019-02-25 · Updated 2020-08-24 · CVE-2019-9146

CVSS v2.0: 7.9 (High)

Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Jamf Self Service version 10.9.0

Description

The issue allows man-in-the-middle attackers to obtain a root shell. This is achieved by leveraging the "publish Bash shell scripts" feature to insert a specific command into the TCP data stream, which enables the execution of /Applications/Utilities/Terminal.app/Contents/MacOS/Terminal.

Recommendations

For Jamf Self Service version 10.9.0, consider disabling the "publish Bash shell scripts" feature as a temporary workaround until a patch is available. Restrict access to sensitive features to minimize the risk of exploitation.

Related Identifiers

CVE-2019-9146

Affected Products

Jamf Self Service