CVE-2023-22523

Description

This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent.

CVSS breakdown

Affected products

• Atlassian / Assets Discovery Cloud< 1.0.0 – < 1.0.0
• Atlassian / Assets Discovery Cloud>= 1.0.0 – >= 1.0.0
• Atlassian / Assets Discovery Cloud>= 1.5.7.0 – >= 1.5.7.0
• Atlassian / Assets Discovery Cloud>= 1.5.7.1 – >= 1.5.7.1
• Atlassian / Assets Discovery Cloud>= 1.5.7.3 – >= 1.5.7.3
• Atlassian / Assets Discovery Cloud>= 1.5.7.4 – >= 1.5.7.4
• Atlassian / Assets Discovery Cloud>= 1.6.1.2 – >= 1.6.1.2
• Atlassian / Assets Discovery Cloud>= 1.6.2.0 – >= 1.6.2.0
• Atlassian / Assets Discovery Cloud>= 1.6.3.0 – >= 1.6.3.0
• Atlassian / Assets Discovery Cloud>= 1.6.4.0 – >= 1.6.4.0
• Atlassian / Assets Discovery Cloud>= 1.6.4.4 – >= 1.6.4.4
• Atlassian / Assets Discovery Cloud>= 1.7.0.0 – >= 1.7.0.0
• Atlassian / Assets Discovery Cloud>= 1.7.1.0 – >= 1.7.1.0
• Atlassian / Assets Discovery Cloud>= 1.7.2.0 – >= 1.7.2.0
• Atlassian / Assets Discovery Cloud>= 1.8.0.0 – >= 1.8.0.0
• Atlassian / Assets Discovery Cloud>= 1.8.1.1 – >= 1.8.1.1
• Atlassian / Assets Discovery Cloud>= 1.8.1.2 – >= 1.8.1.2
• Atlassian / Assets Discovery Cloud>= 1.8.1.3 – >= 1.8.1.3
• Atlassian / Assets Discovery Cloud>= 1.8.1.4 – >= 1.8.1.4
• Atlassian / Assets Discovery Cloud>= 1.8.1.5 – >= 1.8.1.5
• Atlassian / Assets Discovery Cloud>= 1.8.2.0 – >= 1.8.2.0
• Atlassian / Assets Discovery Cloud>= 2.0.0.0 – >= 2.0.0.0
• Atlassian / Assets Discovery Cloud>= 3.1.0 – >= 3.1.0
• Atlassian / Assets Discovery Cloud>= 3.1.1 – >= 3.1.1
• Atlassian / Assets Discovery Cloud>= 3.1.10 – >= 3.1.10
• Atlassian / Assets Discovery Cloud>= 3.1.11 – >= 3.1.11
• Atlassian / Assets Discovery Cloud>= 3.1.2 – >= 3.1.2
• Atlassian / Assets Discovery Cloud>= 3.1.3 – >= 3.1.3
• Atlassian / Assets Discovery Cloud>= 3.1.4 – >= 3.1.4
• Atlassian / Assets Discovery Cloud>= 3.1.5 – >= 3.1.5
• Atlassian / Assets Discovery Cloud>= 3.1.6 – >= 3.1.6
• Atlassian / Assets Discovery Cloud>= 3.1.7 – >= 3.1.7
• Atlassian / Assets Discovery Cloud>= 3.1.8 – >= 3.1.8
• Atlassian / Assets Discovery Cloud>= 3.1.9 – >= 3.1.9
• Atlassian / Assets Discovery Cloud>= 3.2.0 – >= 3.2.0
• Atlassian / Assets Discovery Data Center< 1.0.0 – < 1.0.0
• Atlassian / Assets Discovery Data Center>= 1.0.0 – >= 1.0.0
• Atlassian / Assets Discovery Data Center>= 3.1.0 – >= 3.1.0
• Atlassian / Assets Discovery Data Center>= 3.1.1 – >= 3.1.1
• Atlassian / Assets Discovery Data Center>= 3.1.10 – >= 3.1.10
• Atlassian / Assets Discovery Data Center>= 3.1.11 – >= 3.1.11
• Atlassian / Assets Discovery Data Center>= 3.1.2 – >= 3.1.2
• Atlassian / Assets Discovery Data Center>= 3.1.3 – >= 3.1.3
• Atlassian / Assets Discovery Data Center>= 3.1.4 – >= 3.1.4
• Atlassian / Assets Discovery Data Center>= 3.1.5 – >= 3.1.5
• Atlassian / Assets Discovery Data Center>= 3.1.6 – >= 3.1.6
• Atlassian / Assets Discovery Data Center>= 3.1.7 – >= 3.1.7
• Atlassian / Assets Discovery Data Center>= 3.1.9 – >= 3.1.9
• Atlassian / Assets Discovery Data Center>= 6.0.0 – >= 6.0.0
• Atlassian / Assets Discovery Data Center>= 6.1.10 – >= 6.1.10
• Atlassian / Assets Discovery Data Center>= 6.1.11 – >= 6.1.11
• Atlassian / Assets Discovery Data Center>= 6.1.12 – >= 6.1.12
• Atlassian / Assets Discovery Data Center>= 6.1.13 – >= 6.1.13
• Atlassian / Assets Discovery Data Center>= 6.1.14 – >= 6.1.14
• Atlassian / Assets Discovery Data Center>= 6.1.9 – >= 6.1.9
• Atlassian / Assets Discovery Data Center>= 6.2.0 – >= 6.2.0

References

• MISChttps://confluence.atlassian.com/security/cve-2023-22523-rce-vulnerability-in-assets-discovery-1319248914.html
• MISChttps://jira.atlassian.com/browse/JSDSERVER-14925