CVE-2024-21682

Опубликовано: 20 фев. 2024

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 (all versions).

Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or Server. It detects hardware and software that is connected to your local network and extracts detailed information about each asset. This data can then be imported into Assets in Jira Service Management to help you manage all of the devices and configuration items within your local network.

This Injection vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to modify the actions taken by a system call which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.

Atlassian recommends that Assets Discovery customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the

Ссылки

https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html
Release Notes
https://confluence.atlassian.com/pages/viewpage.action?pageId=1354501606
Vendor Advisory
https://jira.atlassian.com/browse/JSDSERVER-15067
Issue Tracking
Vendor Advisory
https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter&tab=installation
Product
https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html
Release Notes
https://confluence.atlassian.com/pages/viewpage.action?pageId=1354501606
Vendor Advisory
https://jira.atlassian.com/browse/JSDSERVER-15067
Issue Tracking
Vendor Advisory
https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter&tab=installation
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:atlassian:assets_discovery_data_center:*:*:*:*:*:*:*:*

Версия от 1.0.0 (включая) до 6.2.1 (исключая)

EPSS

Процентиль: 45%

0.00226

Низкий

7.2 High

CVSS3

7.2 High

CVSS3

Дефекты

CWE-94

Связанные уязвимости

GHSA-6rrc-h5ph-44m6

CVSS3: 7.2

github

больше 1 года назад

This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 (all versions). Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or Server. It detects hardware and software that is connected to your local network and extracts detailed information about each asset. This data can then be imported into Assets in Jira Service Management to help you manage all of the devices and configuration items within your local network. This Injection vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to modify the actions taken by a system call which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Assets Discovery customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of t...

BDU:2024-02064

CVSS3: 7.2

fstec

больше 1 года назад

Уязвимость агента обнаружения активов Assets Discovery (ранее Insight Discovery) программных продуктов обработки данных Atlassian Jira Service Management Data Center and Server и Cloud, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 45%

0.00226

Низкий

7.2 High

CVSS3

7.2 High

CVSS3

Дефекты

CWE-94