Posted on 01-13-2021 08:20 AM
Spring Board vulnerability found in jar file for JSS/Backups/BackupID/Tomcat/*. Has anyone else run into this issue, and how did they address it?
Posted on 01-13-2021 08:38 AM
@user-mfobssCWjV That's a backup directory, which would seem to indicate a previously installed version of your JSS had a vulnerability. If that's the only directory triggering a warning on your server then your current install has the fixed version.
Posted on 01-14-2021 10:02 AM
Thank you for the response. I figured as much but wanted to be sure.
Posted on 01-14-2021 06:36 PM
We usually purge that folder (usually move to another location) after a few days go by without any Jamf Pro server problems.
Posted on 01-15-2021 07:42 AM
For spring-core it's only one file, so deleting it in the backup is perfectly fine. However, the backup will also have many other subsystems, especially an older Tomcat, so you're likely to get pinged on that.
After every update, I manually go in and tar the backup directory, eliminating the possibility any binaries there could be (mis)used.