Vulnerability Details : CVE-2023-22523
This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent.
Vulnerability category: Execute code
Products affected by CVE-2023-22523
- cpe:2.3:a:atlassian:assets_discovery_cloud:*:*:*:*:*:*:*:*
- Atlassian » Assets Discovery Data CenterVersions from including (>=) 1.0.0 and up to, including, (<=) 3.1.11cpe:2.3:a:atlassian:assets_discovery_data_center:*:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:assets_discovery_data_center:*:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:assets_discovery_data_server:*:*:*:*:*:*:*:*
- Atlassian » Assets Discovery Data ServerVersions from including (>=) 1.0.0 and up to, including, (<=) 3.1.11cpe:2.3:a:atlassian:assets_discovery_data_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-22523
0.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 54 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-22523
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
Atlassian | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
References for CVE-2023-22523
-
https://jira.atlassian.com/browse/JSDSERVER-14925
[JSDSERVER-14925] RCE Vulnerability in Assets Discovery - CVE-2023-22523 - Create and track feature requests for Atlassian products.Issue Tracking;Vendor Advisory
-
https://support.atlassian.com/jira-service-management-cloud/docs/install-asset-discovery-agents/
Install Assets Discovery agents | Jira Service Management Cloud | Atlassian Support
-
https://jira.atlassian.com/browse/JSDSERVER-14893
Log in to continue - Log in with Atlassian account
-
https://support.atlassian.com/jira-service-management-cloud/docs/what-are-asset-discovery-agents/
What are Assets Discovery agents? | Jira Service Management Cloud | Atlassian Support
-
https://confluence.atlassian.com/security/cve-2023-22523-rce-vulnerability-in-assets-discovery-1319248914.html
CVE-2023-22523 - RCE Vulnerability in Assets Discovery | Atlassian Support | Atlassian DocumentationVendor Advisory
Jump to