JSS Spring Board Vulnerability

RushAdmin
New Contributor

Spring Board vulnerability found in jar file for JSS/Backups/BackupID/Tomcat/* . Anyone else ran into this issue and how did they address?

4 REPLIES 4

sdagley
Esteemed Contributor II

@user-mfobssCWjV That's a backup directory, which would seem to indicate a previously installed version of your JSS had a vulnerability. If that's the only directory triggering a warning on your server then your current install has the fixed version.

RushAdmin
New Contributor

Thank you for the response, I figured as much but wanted to be sure.

donmontalvo
Esteemed Contributor III

We usually purge that folder (usually move to another location) after a few days go by without any Jamf Pro server problems.

--
https://donmontalvo.com

miles3w
New Contributor II

For spring-core it's only one file, so deleting it in the backup is perfectly fine. However the backup will also have many other subsystems, especially an older Tomcat, so you're likely to get pinged on that.
After every update, I manually go in and tar the backup directory, eliminating the possibility any binaries there could be (mis)used.