CVE-2023-22523
Published: 06 December 2023
Summary
CVE-2023-22523 is a high-severity vulnerability of unspecified weakness type in Atlassian Assets Discovery Data Center. Its CVSS base score is 8.8 (High).
Operationally, it is ranked in the top 8.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2023-22523 is a remote code execution vulnerability in the communication path between the Assets Discovery application, formerly known as Insight Discovery, and the Assets Discovery agent. It affects any machine with the Assets Discovery agent installed and carries a CVSS 3.1 score of 8.8, reflecting a network attack vector, low attack complexity, and low required privileges.
An authenticated attacker can exploit the flaw over the network to obtain privileged remote code execution, resulting in complete loss of confidentiality, integrity, and availability on the targeted host.
Atlassian has published official security advisories and linked Jira entries that address the issue. The associated EPSS score has remained flat at a peak of 0.0719 since disclosure, indicating no material rise in observed exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-26663
Vulnerability details
This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.