Skip to main content

EDIT: This seems to be an issue effecting multiple JamfCloud hosted environments. I have Logged a support case with Jamf, as have other community members.
I will keep this thread up to date with any information from Jamf Support.

 

On two JAMFCloud Jamf Pro instances, running version 10.40.1-t1659581750

 

I am unable to save a particular script into Jamf, as every time I press Save it results in a 403 - Access Denied

403 error

Whilst debugging this I have found that there are certain character combinations that cause this error.

If I try to save a script with the following text only, I will get the 403 error

${a:}${}

 

glitch text 1

 

the "a" parameter / var can be swapped with any letter or number and it will still cause the error

If the curly braces are not touching the last $ it will save fine, if they are touching however it will error.

There can be text in between the first ${a:} and the second ${} and it will still crash.
The lines can even be commented out, and it will still crash

e.g. the below will still crash -

#

#${a:}

### asd

#${}

 

glitch text 2

This looks like some strange buffer overflow happening, or validation error crashing the console - rather than an actual access denied, as it is only happening with specific commands.

Does the same happen for anyone else, and is there a reason for this that can be avoided? Or is it a Bug

 

 

This is happening to me also, on at least 2 JAMFCloud.com instances - 

VERSION

10.40.1-t1659581750

It does not happen to me on a JAMF Pro On-Prem, 

VERSION

10.37.2-t1648851072

 

 

This is happening to me also, on at least 2 JAMFCloud.com instances - 

VERSION

10.40.1-t1659581750

It does not happen to me on a JAMF Pro On-Prem, 

VERSION

10.37.2-t1648851072

 

 


Yes i have two instances running in Jamfcloud and both are showcasing this issue.
Looks to be an issue their end then

Yes i have two instances running in Jamfcloud and both are showcasing this issue.
Looks to be an issue their end then


Will you be opening a support ticket on it?

Will you be opening a support ticket on it?


I certainly will now I know its not just me who is affected, thanks for the reply

I have this issue as well.  Noticed it yesterday (Sep-8-2022)

I have this issue as well.  Noticed it yesterday (Sep-8-2022)


interesting, I know my jamfcloud instance was updated this week so potentially related to this recent update.

Same for our cloud instance. I opened a ticket.

FYI - Jamf have advised that they recently made a Web Application Firewall (WAF) change that's causing this. You'll need to contact Jamf support with all of your WAN/external IPs to get them whitelisted. If you're working from home and on DHCP with your ISP you'll need to contact Jamf each time it changes. 

I can appreciate that this is a security measure but it's a major annoyance as fas as I'm concerned. I've expressed my concern and asked for the issue to be escalated. In the meantime send Jamf your IPs or use Jamf Admin to upload new/edited scripts.

Cheers,

Shannon

wow, I am now glad I've got more On-Prem JAMF's than Cloud... still gonna be a pain in the .. .. .. neck.

wow, I am now glad I've got more On-Prem JAMF's than Cloud... still gonna be a pain in the .. .. .. neck.


I gotta ask though, what did you mean use JAMF Admin to upload new and edited scripts. I've never seen that capability in it. Packages yes, scripts no.

I gotta ask though, what did you mean use JAMF Admin to upload new and edited scripts. I've never seen that capability in it. Packages yes, scripts no.


You can actually just drag text files into the scripts area via JamfAdmin, and then rename them to .sh

This is the workaround we have been using so far, following the 403 issues on the web ui

the process is explained here: https://docs.jamf.com/10.24.1/jamf-pro/administrator-guide/Managing_Scripts.html

You can actually just drag text files into the scripts area via JamfAdmin, and then rename them to .sh

This is the workaround we have been using so far, following the 403 issues on the web ui

the process is explained here: https://docs.jamf.com/10.24.1/jamf-pro/administrator-guide/Managing_Scripts.html


Many thanks! Totally makes sense that it would work like that, I just hadn't dug into JAMF Admin that far yet. 

As of today (Sep. 09, 2022) the issue is no longer showing up.  I can create new and modify existing scripts without seeing the 403 error.  No changes were made by me or JAMF (That I know of) in regards to IP address listings.

As of today (Sep. 09, 2022) the issue is no longer showing up.  I can create new and modify existing scripts without seeing the 403 error.  No changes were made by me or JAMF (That I know of) in regards to IP address listings.


How strange, I am also now not seeing the issue!
Thanks for bringing to my attention!

I have this issue as well.  Noticed it yesterday

I have an update on this one. I escalated to my customer success manager and was given some further information after a bit more of investigation. There appears to have been a temporary WAF rule issue which was causing this on Jamf Cloud. It's now been resolved which is why it has gone for most people (including me).

There is also a know issue with saving scripts with illegal characters in them. It's specific sequence...

:-<letter>

 where "<letter>" is just any letter. That's a colon followed by a dash followed by any character. This will cause the 403 error so check your scripts.

Hope this helps everyone

Terms & ConditionsCookie settings