Potential Remote Code Execution Vulnerability in Assets Discovery Application
CVE-2023-22523
9.8CRITICAL
Key Information
- Vendor
- Atlassian
- Status
- Assets Discovery Cloud
- Assets Discovery Data Center
- Vendor
- CVE Published:
- 6 December 2023
Summary
This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent.
Affected Version(s)
Assets Discovery Cloud >= 1.0.0
Assets Discovery Cloud < 1.0.0
Assets Discovery Cloud >= 1.5.7.0
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database
Credit
Bug Bounty