Overview
- Description
- This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent.
- Source
- security@atlassian.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 3.0
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:atlassian:assets_discovery_cloud:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B605B443-2604-4D2D-99C2-EF7D955B1886",
"versionEndExcluding": "3.2.0",
"versionStartIncluding": "1.0.0"
},
{
"criteria": "cpe:2.3:a:atlassian:assets_discovery_data_center:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6EE9C216-E2F8-4BDB-A67B-095AA0B19613",
"versionEndIncluding": "3.1.11",
"versionStartIncluding": "1.0.0"
},
{
"criteria": "cpe:2.3:a:atlassian:assets_discovery_data_center:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C95EF896-3AE4-400B-B4BD-61D909D91B5B",
"versionEndExcluding": "6.2.0",
"versionStartIncluding": "6.0.0"
},
{
"criteria": "cpe:2.3:a:atlassian:assets_discovery_data_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "63079045-C71C-4D37-9B05-BD3705B90B37",
"versionEndIncluding": "3.1.11",
"versionStartIncluding": "1.0.0"
},
{
"criteria": "cpe:2.3:a:atlassian:assets_discovery_data_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "329E8EB1-FEAC-4C29-B443-4AB31D5DBC95",
"versionEndExcluding": "6.2.0",
"versionStartIncluding": "6.0.0"
}
],
"operator": "OR"
}
]
}
]