Question

JSS Spring Board Vulnerability

  • January 13, 2021
  • 4 replies
  • 25 views


Spring Board vulnerability found in jar file for JSS/Backups/BackupID/Tomcat/*. Has anyone else run into this issue, and how did they address it?

4 replies

sdagley
  • Jamf Heroes
  • January 13, 2021

@user-mfobssCWjV That's a backup directory, which would seem to indicate a previously installed version of your JSS had a vulnerability. If that's the only directory triggering a warning on your server then your current install has the fixed version.


  • Author
  • New Contributor
  • January 14, 2021

Thank you for the response. I figured as much but wanted to be sure.


donmontalvo
  • Hall of Fame
  • January 15, 2021

We usually purge that folder (usually move to another location) after a few days go by without any Jamf Pro server problems.


  • New Contributor
  • January 15, 2021

For spring-core it's only one file, so deleting it in the backup is perfectly fine. However, the backup will also have many other subsystems, especially an older Tomcat, so you're likely to get pinged on that.
After every update, I manually go in and tar the backup directory, eliminating the possibility any binaries there could be (mis)used.
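
One way to script the tar-after-update step described in the last reply, as an added example that is not part of the thread or of Jamf's own tooling. The function name `archive_backups` and the Backups path passed to it are assumptions; substitute the backup directory of your own install.

```shell
#!/bin/sh
# Added example: pack each upgrade backup directory into a tar.gz and remove
# the loose files, so old jars no longer sit on disk as individual binaries.
# Usage (path is an assumption): archive_backups /path/to/JSS/Backups

archive_backups() {
    backups_root=$1
    [ -d "$backups_root" ] || { echo "not a directory: $backups_root" >&2; return 1; }

    for dir in "$backups_root"/*/; do
        [ -d "$dir" ] || continue              # glob matched nothing
        name=$(basename "$dir")
        archive="$backups_root/$name.tar.gz"

        # Never overwrite an archive left by an earlier run.
        if [ -e "$archive" ]; then
            echo "skip $name: $archive already exists" >&2
            continue
        fi

        # Write under a temporary name so an interrupted run cannot leave
        # a truncated file that looks like a finished archive.
        tar -czf "$archive.partial" -C "$backups_root" "$name" \
            || { rm -f "$archive.partial"; return 1; }

        # Confirm the archive can be read back before deleting the originals.
        tar -tzf "$archive.partial" >/dev/null \
            || { rm -f "$archive.partial"; return 1; }

        mv "$archive.partial" "$archive"
        chmod 600 "$archive"                   # readable by the owner only
        rm -rf "${backups_root:?}/${name:?}"   # refuse to expand to an empty path
        echo "archived $name"
    done
}
```

Run it as the account that owns the backup directory, once the upgraded server has been confirmed healthy.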