CVE-2023-22523

Summary

This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent.

Affected Software

VendorProductVersion RangeStatus
AtlassianAssets Discovery Cloud< 1.0.0unaffected
AtlassianAssets Discovery Cloud>= 1.0.0affected
AtlassianAssets Discovery Cloud>= 1.5.7.0affected
AtlassianAssets Discovery Cloud>= 1.5.7.1affected
AtlassianAssets Discovery Cloud>= 1.5.7.3affected
AtlassianAssets Discovery Cloud>= 1.5.7.4affected
AtlassianAssets Discovery Cloud>= 1.6.1.2affected
AtlassianAssets Discovery Cloud>= 1.6.2.0affected
AtlassianAssets Discovery Cloud>= 1.6.3.0affected
AtlassianAssets Discovery Cloud>= 1.6.4.0affected
AtlassianAssets Discovery Cloud>= 1.6.4.4affected
AtlassianAssets Discovery Cloud>= 1.7.0.0affected
AtlassianAssets Discovery Cloud>= 1.7.1.0affected
AtlassianAssets Discovery Cloud>= 1.7.2.0affected
AtlassianAssets Discovery Cloud>= 1.8.0.0affected
AtlassianAssets Discovery Cloud>= 1.8.1.1affected
AtlassianAssets Discovery Cloud>= 1.8.1.2affected
AtlassianAssets Discovery Cloud>= 1.8.1.3affected
AtlassianAssets Discovery Cloud>= 1.8.1.4affected
AtlassianAssets Discovery Cloud>= 1.8.1.5affected
AtlassianAssets Discovery Cloud>= 1.8.2.0affected
AtlassianAssets Discovery Cloud>= 2.0.0.0affected
AtlassianAssets Discovery Cloud>= 3.1.0affected
AtlassianAssets Discovery Cloud>= 3.1.1affected
AtlassianAssets Discovery Cloud>= 3.1.10affected
AtlassianAssets Discovery Cloud>= 3.1.11affected
AtlassianAssets Discovery Cloud>= 3.1.2affected
AtlassianAssets Discovery Cloud>= 3.1.3affected
AtlassianAssets Discovery Cloud>= 3.1.4affected
AtlassianAssets Discovery Cloud>= 3.1.5affected
AtlassianAssets Discovery Cloud>= 3.1.6affected
AtlassianAssets Discovery Cloud>= 3.1.7affected
AtlassianAssets Discovery Cloud>= 3.1.8affected
AtlassianAssets Discovery Cloud>= 3.1.9affected
AtlassianAssets Discovery Cloud>= 3.2.0unaffected
AtlassianAssets Discovery Data Center< 1.0.0unaffected
AtlassianAssets Discovery Data Center>= 1.0.0affected
AtlassianAssets Discovery Data Center>= 3.1.0affected
AtlassianAssets Discovery Data Center>= 3.1.1affected
AtlassianAssets Discovery Data Center>= 3.1.10affected
AtlassianAssets Discovery Data Center>= 3.1.11affected
AtlassianAssets Discovery Data Center>= 3.1.2affected
AtlassianAssets Discovery Data Center>= 3.1.3affected
AtlassianAssets Discovery Data Center>= 3.1.4affected
AtlassianAssets Discovery Data Center>= 3.1.5affected
AtlassianAssets Discovery Data Center>= 3.1.6affected
AtlassianAssets Discovery Data Center>= 3.1.7affected
AtlassianAssets Discovery Data Center>= 3.1.9affected
AtlassianAssets Discovery Data Center>= 6.0.0affected
AtlassianAssets Discovery Data Center>= 6.1.10affected
AtlassianAssets Discovery Data Center>= 6.1.11affected
AtlassianAssets Discovery Data Center>= 6.1.12affected
AtlassianAssets Discovery Data Center>= 6.1.13affected
AtlassianAssets Discovery Data Center>= 6.1.14affected
AtlassianAssets Discovery Data Center>= 6.1.9affected
AtlassianAssets Discovery Data Center>= 6.2.0unaffected

Weaknesses

  • RCE (Remote Code Execution)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References