9.8

CVE-2023-22523

EPSS 7.19%
Veröffentlicht 06.12.2023 05:15:10
Zuletzt bearbeitet 21.11.2024 07:44:58
Quelle security@atlassian.com
CVE-Watchlists
Login
Unerledigt
Login

This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Atlassian ≫ Assets Discovery Cloud Version >= 1.0.0 < 3.2.0

Atlassian ≫ Assets Discovery Data Center Version >= 1.0.0 <= 3.1.11

Atlassian ≫ Assets Discovery Data Center Version >= 6.0.0 < 6.2.0

Atlassian ≫ Assets Discovery Data Server Version >= 1.0.0 <= 3.1.11

Atlassian ≫ Assets Discovery Data Server Version >= 6.0.0 < 6.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	7.19%	0.912

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security@atlassian.com	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

https://confluence.atlassian.com/security/cve-2023-22523-rce-vulnerability-in-assets-discovery-1319248914.html

Vendor Advisory

https://jira.atlassian.com/browse/JSDSERVER-14925

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2023-22523

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-22523

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-22523

EUVD