Potential Remote Code Execution Vulnerability in Assets Discovery Application
CVE-2023-22523

9.8CRITICAL

Key Information:

Vendor: Atlassian
Status: Assets Discovery Cloud; Assets Discovery Data Center
Vendor: CVE Published:; 6 December 2023

Summary

A remote code execution vulnerability has been identified in the Assets Discovery application, which can be exploited by attackers to execute arbitrary code on systems where the Assets Discovery agent is installed. This vulnerability arises from an insecure interaction between the Assets Discovery application and its agent, potentially allowing unauthorized access to control system functionalities. It is crucial for users to apply the necessary patches to mitigate the risks associated with this security flaw. For detailed guidance, please refer to Atlassian's security documentation.

Affected Version(s)

Assets Discovery Cloud >= 1.0.0 < 1.0.0

Assets Discovery Cloud >= 1.5.7.0 >= 1.5.7.0

Assets Discovery Cloud >= 1.5.7.1 >= 1.5.7.1

References

https://confluence.atlassian.com/security/cve-2023-22523-...

https://jira.atlassian.com/browse/JSDSERVER-14925

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 6, 2023
Vulnerability Reserved
Jan 1, 2023

Credit

Bug Bounty