CVE-2023-22523 | Vulnerability Database | Aqua Security

This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent.

Affected Software

Name	Vendor	Start Version	End Version
Assets_discovery_cloud	Atlassian	1.0.0 (including)	3.2.0 (excluding)
Assets_discovery_data_center	Atlassian	1.0.0 (including)	3.1.11 (including)
Assets_discovery_data_center	Atlassian	6.0.0 (including)	6.2.0 (excluding)
Assets_discovery_data_server	Atlassian	1.0.0 (including)	3.1.11 (including)
Assets_discovery_data_server	Atlassian	6.0.0 (including)	6.2.0 (excluding)

References

https://confluence.atlassian.com/security/cve-2023-22523-rce-vulnerability-in-assets-discovery-1319248914.html
https://jira.atlassian.com/browse/JSDSERVER-14925
https://confluence.atlassian.com/security/cve-2023-22523-rce-vulnerability-in-assets-discovery-1319248914.html
https://jira.atlassian.com/browse/JSDSERVER-14925

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-22523
CWE	https://cwe.mitre.org/data/definitions/.html