Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-22523

This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent.

Published

2023-12-06T05:15:10.087

Last Modified

2024-11-21T07:44:58.633

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	atlassian	assets_discovery_cloud	< 3.2.0	Yes
Application	atlassian	assets_discovery_data_center	≤ 3.1.11	Yes
Application	atlassian	assets_discovery_data_center	< 6.2.0	Yes
Application	atlassian	assets_discovery_data_server	≤ 3.1.11	Yes
Application	atlassian	assets_discovery_data_server	< 6.2.0	Yes

References

https://confluence.atlassian.com/security/cve-2023-22523-rce-vulnerability-in-assets-discovery-1319248914.html Vendor Advisory ([email protected])
https://jira.atlassian.com/browse/JSDSERVER-14925 Issue Tracking, Vendor Advisory ([email protected])
https://confluence.atlassian.com/security/cve-2023-22523-rce-vulnerability-in-assets-discovery-1319248914.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://jira.atlassian.com/browse/JSDSERVER-14925 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)