SB2024022142 - Code injection in Atlassian Assets Discovery
Published: February 21, 2024
Description
This security bulletin contains information about 1 security vulnerability.
1) Code Injection (CVE-ID: CVE-2024-21682)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote privileged user can send a specially crafted request and execute arbitrary code on the target system.
Remediation
Install the update from the vendor's website.
References
- https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html
- https://confluence.atlassian.com/pages/viewpage.action?pageId=1354501606
- https://jira.atlassian.com/browse/JSDSERVER-15067
- https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter&tab=installation