High Severity Injection Vulnerability Affects Assets Discovery 1.0 - 6.2.0 (All Versions)
CVE-2024-21682

7.2HIGH

Key Information:

Vendor: Atlassian
Status: Assets Discovery Data Center
Vendor: CVE Published:; 20 February 2024

Summary

A significant injection vulnerability has been identified in the Assets Discovery tool from Atlassian, affecting all versions from 1.0 to 6.2.0. This vulnerability allows an authenticated attacker to alter system calls, potentially compromising the integrity, confidentiality, and availability of the system without user interaction. Assets Discovery is a crucial network scanning tool utilized with Jira Service Management, which aids in identifying and managing hardware and software within a local network. To mitigate risks associated with this vulnerability, Atlassian advises customers to upgrade to the latest version of Assets Discovery. Information about supported fixed versions and the upgrade procedure can be found in the release notes and the Atlassian Marketplace.

Affected Version(s)

Assets Discovery Data Center >= 6.0.0 < 6.0.0

Assets Discovery Data Center >= 6.1.0 >= 6.1.0

Assets Discovery Data Center >= 6.2.0 >= 6.2.0

References

https://confluence.atlassian.com/assetapps/assets-discove...

https://confluence.atlassian.com/pages/viewpage.action?pa...

https://jira.atlassian.com/browse/JSDSERVER-15067

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 20, 2024
Vulnerability Reserved
Jan 1, 2024