Lucene search
AtlassianCVELIST:CVE-2023-22523HistoryDec 06, 2023 - 5:00 a.m.
CVE-2023-22523
2023-12-0605:00:02
atlassian
www.cve.org
cve-2023-22523
exploited
attacker
assets discovery application
insight discovery
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
43.0%
This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent.
CNA Affected
[
{
"vendor": "Atlassian",
"product": "Assets Discovery Cloud",
"versions": [
{
"version": "< 1.0.0",
"status": "unaffected"
},
{
"version": ">= 1.0.0",
"status": "affected"
},
{
"version": ">= 1.5.7.0",
"status": "affected"
},
{
"version": ">= 1.5.7.1",
"status": "affected"
},
{
"version": ">= 1.5.7.3",
"status": "affected"
},
{
"version": ">= 1.5.7.4",
"status": "affected"
},
{
"version": ">= 1.6.1.2",
"status": "affected"
},
{
"version": ">= 1.6.2.0",
"status": "affected"
},
{
"version": ">= 1.6.3.0",
"status": "affected"
},
{
"version": ">= 1.6.4.0",
"status": "affected"
},
{
"version": ">= 1.6.4.4",
"status": "affected"
},
{
"version": ">= 1.7.0.0",
"status": "affected"
},
{
"version": ">= 1.7.1.0",
"status": "affected"
},
{
"version": ">= 1.7.2.0",
"status": "affected"
},
{
"version": ">= 1.8.0.0",
"status": "affected"
},
{
"version": ">= 1.8.1.1",
"status": "affected"
},
{
"version": ">= 1.8.1.2",
"status": "affected"
},
{
"version": ">= 1.8.1.3",
"status": "affected"
},
{
"version": ">= 1.8.1.4",
"status": "affected"
},
{
"version": ">= 1.8.1.5",
"status": "affected"
},
{
"version": ">= 1.8.2.0",
"status": "affected"
},
{
"version": ">= 2.0.0.0",
"status": "affected"
},
{
"version": ">= 3.1.0",
"status": "affected"
},
{
"version": ">= 3.1.1",
"status": "affected"
},
{
"version": ">= 3.1.10",
"status": "affected"
},
{
"version": ">= 3.1.11",
"status": "affected"
},
{
"version": ">= 3.1.2",
"status": "affected"
},
{
"version": ">= 3.1.3",
"status": "affected"
},
{
"version": ">= 3.1.4",
"status": "affected"
},
{
"version": ">= 3.1.5",
"status": "affected"
},
{
"version": ">= 3.1.6",
"status": "affected"
},
{
"version": ">= 3.1.7",
"status": "affected"
},
{
"version": ">= 3.1.8",
"status": "affected"
},
{
"version": ">= 3.1.9",
"status": "affected"
},
{
"version": ">= 3.2.0",
"status": "unaffected"
}
]
},
{
"vendor": "Atlassian",
"product": "Assets Discovery Data Center",
"versions": [
{
"version": "< 1.0.0",
"status": "unaffected"
},
{
"version": ">= 1.0.0",
"status": "affected"
},
{
"version": ">= 3.1.0",
"status": "affected"
},
{
"version": ">= 3.1.1",
"status": "affected"
},
{
"version": ">= 3.1.10",
"status": "affected"
},
{
"version": ">= 3.1.11",
"status": "affected"
},
{
"version": ">= 3.1.2",
"status": "affected"
},
{
"version": ">= 3.1.3",
"status": "affected"
},
{
"version": ">= 3.1.4",
"status": "affected"
},
{
"version": ">= 3.1.5",
"status": "affected"
},
{
"version": ">= 3.1.6",
"status": "affected"
},
{
"version": ">= 3.1.7",
"status": "affected"
},
{
"version": ">= 3.1.9",
"status": "affected"
},
{
"version": ">= 6.0.0",
"status": "affected"
},
{
"version": ">= 6.1.10",
"status": "affected"
},
{
"version": ">= 6.1.11",
"status": "affected"
},
{
"version": ">= 6.1.12",
"status": "affected"
},
{
"version": ">= 6.1.13",
"status": "affected"
},
{
"version": ">= 6.1.14",
"status": "affected"
},
{
"version": ">= 6.1.9",
"status": "affected"
},
{
"version": ">= 6.2.0",
"status": "unaffected"
}
]
}
]Related
cve
cve
CVE-2023-22523
2023-12-06 05:15:10
nessus
nessus
Atlassian Jira Service Management Assets Discovery < 6.2.0 (JSDSERVER-14925)
2023-12-08 00:00:00
prion
prion
Remote code execution
2023-12-06 05:15:00
nvd
nvd
CVE-2023-22523
2023-12-06 05:15:10
hivepro
hivepro
Atlassian Addresses Critical RCE Flaws
2023-12-07 12:45:52
thn
thn
Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution
2023-12-06 09:18:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
43.0%
Related for CVELIST:CVE-2023-22523