CVE-2023-22523
9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Atlassian | Assets Discovery Cloud | < 1.0.0 | unaffected |
| Atlassian | Assets Discovery Cloud | >= 1.0.0 | affected |
| Atlassian | Assets Discovery Cloud | >= 1.5.7.0 | affected |
| Atlassian | Assets Discovery Cloud | >= 1.5.7.1 | affected |
| Atlassian | Assets Discovery Cloud | >= 1.5.7.3 | affected |
| Atlassian | Assets Discovery Cloud | >= 1.5.7.4 | affected |
| Atlassian | Assets Discovery Cloud | >= 1.6.1.2 | affected |
| Atlassian | Assets Discovery Cloud | >= 1.6.2.0 | affected |
| Atlassian | Assets Discovery Cloud | >= 1.6.3.0 | affected |
| Atlassian | Assets Discovery Cloud | >= 1.6.4.0 | affected |
| Atlassian | Assets Discovery Cloud | >= 1.6.4.4 | affected |
| Atlassian | Assets Discovery Cloud | >= 1.7.0.0 | affected |
| Atlassian | Assets Discovery Cloud | >= 1.7.1.0 | affected |
| Atlassian | Assets Discovery Cloud | >= 1.7.2.0 | affected |
| Atlassian | Assets Discovery Cloud | >= 1.8.0.0 | affected |
| Atlassian | Assets Discovery Cloud | >= 1.8.1.1 | affected |
| Atlassian | Assets Discovery Cloud | >= 1.8.1.2 | affected |
| Atlassian | Assets Discovery Cloud | >= 1.8.1.3 | affected |
| Atlassian | Assets Discovery Cloud | >= 1.8.1.4 | affected |
| Atlassian | Assets Discovery Cloud | >= 1.8.1.5 | affected |
| Atlassian | Assets Discovery Cloud | >= 1.8.2.0 | affected |
| Atlassian | Assets Discovery Cloud | >= 2.0.0.0 | affected |
| Atlassian | Assets Discovery Cloud | >= 3.1.0 | affected |
| Atlassian | Assets Discovery Cloud | >= 3.1.1 | affected |
| Atlassian | Assets Discovery Cloud | >= 3.1.10 | affected |
| Atlassian | Assets Discovery Cloud | >= 3.1.11 | affected |
| Atlassian | Assets Discovery Cloud | >= 3.1.2 | affected |
| Atlassian | Assets Discovery Cloud | >= 3.1.3 | affected |
| Atlassian | Assets Discovery Cloud | >= 3.1.4 | affected |
| Atlassian | Assets Discovery Cloud | >= 3.1.5 | affected |
| Atlassian | Assets Discovery Cloud | >= 3.1.6 | affected |
| Atlassian | Assets Discovery Cloud | >= 3.1.7 | affected |
| Atlassian | Assets Discovery Cloud | >= 3.1.8 | affected |
| Atlassian | Assets Discovery Cloud | >= 3.1.9 | affected |
| Atlassian | Assets Discovery Cloud | >= 3.2.0 | unaffected |
| Atlassian | Assets Discovery Data Center | < 1.0.0 | unaffected |
| Atlassian | Assets Discovery Data Center | >= 1.0.0 | affected |
| Atlassian | Assets Discovery Data Center | >= 3.1.0 | affected |
| Atlassian | Assets Discovery Data Center | >= 3.1.1 | affected |
| Atlassian | Assets Discovery Data Center | >= 3.1.10 | affected |
| Atlassian | Assets Discovery Data Center | >= 3.1.11 | affected |
| Atlassian | Assets Discovery Data Center | >= 3.1.2 | affected |
| Atlassian | Assets Discovery Data Center | >= 3.1.3 | affected |
| Atlassian | Assets Discovery Data Center | >= 3.1.4 | affected |
| Atlassian | Assets Discovery Data Center | >= 3.1.5 | affected |
| Atlassian | Assets Discovery Data Center | >= 3.1.6 | affected |
| Atlassian | Assets Discovery Data Center | >= 3.1.7 | affected |
| Atlassian | Assets Discovery Data Center | >= 3.1.9 | affected |
| Atlassian | Assets Discovery Data Center | >= 6.0.0 | affected |
| Atlassian | Assets Discovery Data Center | >= 6.1.10 | affected |
| Atlassian | Assets Discovery Data Center | >= 6.1.11 | affected |
| Atlassian | Assets Discovery Data Center | >= 6.1.12 | affected |
| Atlassian | Assets Discovery Data Center | >= 6.1.13 | affected |
| Atlassian | Assets Discovery Data Center | >= 6.1.14 | affected |
| Atlassian | Assets Discovery Data Center | >= 6.1.9 | affected |
| Atlassian | Assets Discovery Data Center | >= 6.2.0 | unaffected |
Weaknesses
- RCE (Remote Code Execution)
ADP Enrichment
CVE Program Container
Additional References
- https://confluence.atlassian.com/security/cve-2023-22523-rce-vulnerability-in-assets-discovery-1319248914.html
- https://jira.atlassian.com/browse/JSDSERVER-14925
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://confluence.atlassian.com/security/cve-2023-22523-rce-vulnerability-in-assets-discovery-1319248914.html
- https://jira.atlassian.com/browse/JSDSERVER-14925
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.