CVE-2023-22523

CRITICAL 9.8

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent.

Vendor	atlassian
Product	assets discovery cloud
Ecosystems	DevTools
Industries	TechnologyEnterprise
Published	Dec 6, 2023
Last Updated	Feb 25, 2026

Stay Ahead of the Next One

Get instant alerts for atlassian assets discovery cloud

Be the first to know when new critical vulnerabilities affecting atlassian assets discovery cloud are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Versions

Atlassian / Assets Discovery Cloud

>= 1.0.0 >= 1.5.7.0 >= 1.5.7.1 >= 1.5.7.3 >= 1.5.7.4 >= 1.6.1.2 >= 1.6.2.0 >= 1.6.3.0 >= 1.6.4.0 >= 1.6.4.4 >= 1.7.0.0 >= 1.7.1.0 >= 1.7.2.0 >= 1.8.0.0 >= 1.8.1.1 >= 1.8.1.2 >= 1.8.1.3 >= 1.8.1.4 >= 1.8.1.5 >= 1.8.2.0 >= 2.0.0.0 >= 3.1.0 >= 3.1.1 >= 3.1.10 >= 3.1.11 >= 3.1.2 >= 3.1.3 >= 3.1.4 >= 3.1.5 >= 3.1.6 >= 3.1.7 >= 3.1.8 >= 3.1.9

Atlassian / Assets Discovery Data Center

>= 1.0.0 >= 3.1.0 >= 3.1.1 >= 3.1.10 >= 3.1.11 >= 3.1.2 >= 3.1.3 >= 3.1.4 >= 3.1.5 >= 3.1.6 >= 3.1.7 >= 3.1.9 >= 6.0.0 >= 6.1.10 >= 6.1.11 >= 6.1.12 >= 6.1.13 >= 6.1.14 >= 6.1.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

confluence.atlassian.com: https://confluence.atlassian.com/security/cve-2023-22523-rce-vulnerability-in-assets-discovery-1319248914.html jira.atlassian.com: https://jira.atlassian.com/browse/JSDSERVER-14925

Credits

Bug Bounty