Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Assets Discovery Data Center by Atlassian

    CVE-2024-21682 (GCVE-0-2024-21682)

    Vulnerability from nvd – Published: 2024-02-20 18:00 – Updated: 2024-08-28 15:56
    VLAI
    Summary
    This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 (all versions). Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or Server. It detects hardware and software that is connected to your local network and extracts detailed information about each asset. This data can then be imported into Assets in Jira Service Management to help you manage all of the devices and configuration items within your local network. This Injection vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to modify the actions taken by a system call which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Assets Discovery customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions See the release notes (https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html). You can download the latest version of Assets Discovery from the Atlassian Marketplace (https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter&tab=installation). This vulnerability was reported via our Penetration Testing program.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Injection
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Assets Discovery Data Center Unaffected: < 6.0.0
    Affected: >= 6.0.0
    Affected: >= 6.1.0
    Affected: >= 6.2.0
    Unaffected: >= 6.2.1
    Create a notification for this product.
    atlassian assets_discovery_data_center Affected: 6.0.0 , ≤ 6.2.0 (custom)
    Affected: 0 , < 6.0.0 (custom)
        cpe:2.3:a:atlassian:assets_discovery_data_center:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:27:35.986Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1354501606"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-15067"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter\u0026tab=installation"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:assets_discovery_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "assets_discovery_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThanOrEqual": "6.2.0",
                    "status": "affected",
                    "version": "6.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "6.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21682",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-22T17:44:27.088024Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-28T15:56:52.635Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Assets Discovery Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "\u003c 6.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 6.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 6.1.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 6.2.0"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 6.2.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 (all versions). \n\nAssets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or Server. It detects hardware and software that is connected to your local network and extracts detailed information about each asset. This data can then be imported into Assets in Jira Service Management to help you manage all of the devices and configuration items within your local network.\n\nThis Injection vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to modify the actions taken by a system call which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.\n\nAtlassian recommends that Assets Discovery customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions\n\nSee the release notes (https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html). You can download the latest version of Assets Discovery from the Atlassian Marketplace (https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter\u0026tab=installation).\n\nThis vulnerability was reported via our Penetration Testing program."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Injection",
                  "lang": "en",
                  "type": "Injection"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-20T18:00:00.699Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "url": "https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html"
            },
            {
              "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1354501606"
            },
            {
              "url": "https://jira.atlassian.com/browse/JSDSERVER-15067"
            },
            {
              "url": "https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter\u0026tab=installation"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2024-21682",
        "datePublished": "2024-02-20T18:00:00.699Z",
        "dateReserved": "2024-01-01T00:05:33.846Z",
        "dateUpdated": "2024-08-28T15:56:52.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22523 (GCVE-0-2023-22523)

    Vulnerability from nvd – Published: 2023-12-06 05:00 – Updated: 2026-02-25 16:52
    VLAI
    Summary
    This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Assets Discovery Cloud Unaffected: < 1.0.0
    Affected: >= 1.0.0
    Affected: >= 1.5.7.0
    Affected: >= 1.5.7.1
    Affected: >= 1.5.7.3
    Affected: >= 1.5.7.4
    Affected: >= 1.6.1.2
    Affected: >= 1.6.2.0
    Affected: >= 1.6.3.0
    Affected: >= 1.6.4.0
    Affected: >= 1.6.4.4
    Affected: >= 1.7.0.0
    Affected: >= 1.7.1.0
    Affected: >= 1.7.2.0
    Affected: >= 1.8.0.0
    Affected: >= 1.8.1.1
    Affected: >= 1.8.1.2
    Affected: >= 1.8.1.3
    Affected: >= 1.8.1.4
    Affected: >= 1.8.1.5
    Affected: >= 1.8.2.0
    Affected: >= 2.0.0.0
    Affected: >= 3.1.0
    Affected: >= 3.1.1
    Affected: >= 3.1.10
    Affected: >= 3.1.11
    Affected: >= 3.1.2
    Affected: >= 3.1.3
    Affected: >= 3.1.4
    Affected: >= 3.1.5
    Affected: >= 3.1.6
    Affected: >= 3.1.7
    Affected: >= 3.1.8
    Affected: >= 3.1.9
    Unaffected: >= 3.2.0
    Create a notification for this product.
    Atlassian Assets Discovery Data Center Unaffected: < 1.0.0
    Affected: >= 1.0.0
    Affected: >= 3.1.0
    Affected: >= 3.1.1
    Affected: >= 3.1.10
    Affected: >= 3.1.11
    Affected: >= 3.1.2
    Affected: >= 3.1.3
    Affected: >= 3.1.4
    Affected: >= 3.1.5
    Affected: >= 3.1.6
    Affected: >= 3.1.7
    Affected: >= 3.1.9
    Affected: >= 6.0.0
    Affected: >= 6.1.10
    Affected: >= 6.1.11
    Affected: >= 6.1.12
    Affected: >= 6.1.13
    Affected: >= 6.1.14
    Affected: >= 6.1.9
    Unaffected: >= 6.2.0
    Create a notification for this product.
    Credits
    Bug Bounty
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:13:48.923Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/security/cve-2023-22523-rce-vulnerability-in-assets-discovery-1319248914.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-14925"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22523",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-14T05:00:08.551203Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-25T16:52:39.413Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Assets Discovery Cloud",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "\u003c 1.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.5.7.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.5.7.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.5.7.3"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.5.7.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.6.1.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.6.2.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.6.3.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.6.4.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.6.4.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.7.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.7.1.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.7.2.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.8.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.8.1.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.8.1.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.8.1.3"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.8.1.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.8.1.5"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.8.2.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.0.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.10"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.11"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.3"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.5"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.6"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.7"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.8"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.9"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 3.2.0"
                }
              ]
            },
            {
              "product": "Assets Discovery Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "\u003c 1.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.10"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.11"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.3"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.5"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.6"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.7"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.9"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 6.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 6.1.10"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 6.1.11"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 6.1.12"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 6.1.13"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 6.1.14"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 6.1.9"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 6.2.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Bug Bounty"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "RCE (Remote Code Execution)",
                  "lang": "en",
                  "type": "RCE (Remote Code Execution)"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-06T15:30:00.483Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "url": "https://confluence.atlassian.com/security/cve-2023-22523-rce-vulnerability-in-assets-discovery-1319248914.html"
            },
            {
              "url": "https://jira.atlassian.com/browse/JSDSERVER-14925"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2023-22523",
        "datePublished": "2023-12-06T05:00:02.793Z",
        "dateReserved": "2023-01-01T00:01:22.333Z",
        "dateUpdated": "2026-02-25T16:52:39.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-21682 (GCVE-0-2024-21682)

    Vulnerability from cvelistv5 – Published: 2024-02-20 18:00 – Updated: 2024-08-28 15:56
    VLAI
    Summary
    This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 (all versions). Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or Server. It detects hardware and software that is connected to your local network and extracts detailed information about each asset. This data can then be imported into Assets in Jira Service Management to help you manage all of the devices and configuration items within your local network. This Injection vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to modify the actions taken by a system call which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Assets Discovery customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions See the release notes (https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html). You can download the latest version of Assets Discovery from the Atlassian Marketplace (https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter&tab=installation). This vulnerability was reported via our Penetration Testing program.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Injection
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Assets Discovery Data Center Unaffected: < 6.0.0
    Affected: >= 6.0.0
    Affected: >= 6.1.0
    Affected: >= 6.2.0
    Unaffected: >= 6.2.1
    Create a notification for this product.
    atlassian assets_discovery_data_center Affected: 6.0.0 , ≤ 6.2.0 (custom)
    Affected: 0 , < 6.0.0 (custom)
        cpe:2.3:a:atlassian:assets_discovery_data_center:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:27:35.986Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1354501606"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-15067"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter\u0026tab=installation"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:assets_discovery_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "assets_discovery_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThanOrEqual": "6.2.0",
                    "status": "affected",
                    "version": "6.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "6.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21682",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-22T17:44:27.088024Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-28T15:56:52.635Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Assets Discovery Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "\u003c 6.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 6.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 6.1.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 6.2.0"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 6.2.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 (all versions). \n\nAssets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or Server. It detects hardware and software that is connected to your local network and extracts detailed information about each asset. This data can then be imported into Assets in Jira Service Management to help you manage all of the devices and configuration items within your local network.\n\nThis Injection vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to modify the actions taken by a system call which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.\n\nAtlassian recommends that Assets Discovery customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions\n\nSee the release notes (https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html). You can download the latest version of Assets Discovery from the Atlassian Marketplace (https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter\u0026tab=installation).\n\nThis vulnerability was reported via our Penetration Testing program."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Injection",
                  "lang": "en",
                  "type": "Injection"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-20T18:00:00.699Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "url": "https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html"
            },
            {
              "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1354501606"
            },
            {
              "url": "https://jira.atlassian.com/browse/JSDSERVER-15067"
            },
            {
              "url": "https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter\u0026tab=installation"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2024-21682",
        "datePublished": "2024-02-20T18:00:00.699Z",
        "dateReserved": "2024-01-01T00:05:33.846Z",
        "dateUpdated": "2024-08-28T15:56:52.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22523 (GCVE-0-2023-22523)

    Vulnerability from cvelistv5 – Published: 2023-12-06 05:00 – Updated: 2026-02-25 16:52
    VLAI
    Summary
    This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Assets Discovery Cloud Unaffected: < 1.0.0
    Affected: >= 1.0.0
    Affected: >= 1.5.7.0
    Affected: >= 1.5.7.1
    Affected: >= 1.5.7.3
    Affected: >= 1.5.7.4
    Affected: >= 1.6.1.2
    Affected: >= 1.6.2.0
    Affected: >= 1.6.3.0
    Affected: >= 1.6.4.0
    Affected: >= 1.6.4.4
    Affected: >= 1.7.0.0
    Affected: >= 1.7.1.0
    Affected: >= 1.7.2.0
    Affected: >= 1.8.0.0
    Affected: >= 1.8.1.1
    Affected: >= 1.8.1.2
    Affected: >= 1.8.1.3
    Affected: >= 1.8.1.4
    Affected: >= 1.8.1.5
    Affected: >= 1.8.2.0
    Affected: >= 2.0.0.0
    Affected: >= 3.1.0
    Affected: >= 3.1.1
    Affected: >= 3.1.10
    Affected: >= 3.1.11
    Affected: >= 3.1.2
    Affected: >= 3.1.3
    Affected: >= 3.1.4
    Affected: >= 3.1.5
    Affected: >= 3.1.6
    Affected: >= 3.1.7
    Affected: >= 3.1.8
    Affected: >= 3.1.9
    Unaffected: >= 3.2.0
    Create a notification for this product.
    Atlassian Assets Discovery Data Center Unaffected: < 1.0.0
    Affected: >= 1.0.0
    Affected: >= 3.1.0
    Affected: >= 3.1.1
    Affected: >= 3.1.10
    Affected: >= 3.1.11
    Affected: >= 3.1.2
    Affected: >= 3.1.3
    Affected: >= 3.1.4
    Affected: >= 3.1.5
    Affected: >= 3.1.6
    Affected: >= 3.1.7
    Affected: >= 3.1.9
    Affected: >= 6.0.0
    Affected: >= 6.1.10
    Affected: >= 6.1.11
    Affected: >= 6.1.12
    Affected: >= 6.1.13
    Affected: >= 6.1.14
    Affected: >= 6.1.9
    Unaffected: >= 6.2.0
    Create a notification for this product.
    Credits
    Bug Bounty
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:13:48.923Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/security/cve-2023-22523-rce-vulnerability-in-assets-discovery-1319248914.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-14925"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22523",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-14T05:00:08.551203Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-25T16:52:39.413Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Assets Discovery Cloud",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "\u003c 1.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.5.7.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.5.7.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.5.7.3"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.5.7.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.6.1.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.6.2.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.6.3.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.6.4.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.6.4.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.7.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.7.1.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.7.2.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.8.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.8.1.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.8.1.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.8.1.3"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.8.1.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.8.1.5"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.8.2.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.0.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.10"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.11"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.3"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.5"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.6"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.7"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.8"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.9"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 3.2.0"
                }
              ]
            },
            {
              "product": "Assets Discovery Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "\u003c 1.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.10"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.11"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.3"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.5"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.6"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.7"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.9"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 6.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 6.1.10"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 6.1.11"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 6.1.12"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 6.1.13"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 6.1.14"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 6.1.9"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 6.2.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Bug Bounty"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "RCE (Remote Code Execution)",
                  "lang": "en",
                  "type": "RCE (Remote Code Execution)"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-06T15:30:00.483Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "url": "https://confluence.atlassian.com/security/cve-2023-22523-rce-vulnerability-in-assets-discovery-1319248914.html"
            },
            {
              "url": "https://jira.atlassian.com/browse/JSDSERVER-14925"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2023-22523",
        "datePublished": "2023-12-06T05:00:02.793Z",
        "dateReserved": "2023-01-01T00:01:22.333Z",
        "dateUpdated": "2026-02-25T16:52:39.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }