CVE-2023-22523

This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
atlassianassets_discovery_cloud
1.0.0 ≤
𝑥
< 3.2.0
atlassianassets_discovery_data_center
1.0.0 ≤
𝑥
≤ 3.1.11
atlassianassets_discovery_data_center
6.0.0 ≤
𝑥
< 6.2.0
atlassianassets_discovery_data_server
1.0.0 ≤
𝑥
≤ 3.1.11
atlassianassets_discovery_data_server
6.0.0 ≤
𝑥
< 6.2.0
𝑥
= Vulnerable software versions
References
https://confluence.atlassian.com/security/cve-2023-22523-rce-vulnerability-in-assets-discovery-1319248914.html
https://jira.atlassian.com/browse/JSDSERVER-14925
https://confluence.atlassian.com/security/cve-2023-22523-rce-vulnerability-in-assets-discovery-1319248914.html
https://jira.atlassian.com/browse/JSDSERVER-14925