Atlassian Jira Service Management Assets Discovery < 6.2.0 (JSDSERVER-14925)

high Nessus Plugin ID 186688


The Atlassian Jira Service Management Assets Discovery app running on the remote host missing a security update.


The version of the Atlassian Jira Service Management Assets Discovery (formerly Insight Discovery) app running on the remote host is prior to 6.2.0. It is, therefore, affected by a remote code execution vulnerability as referenced in the JSDSERVER-14925 advisory. The vulnerability exists between the Assets Discovery application and the Assets Discovery agent. If exploited by an unauthenticated, remote attacker this vulnerability could allow them to perform privileged RCE on machines with the Assets Discovery agent installed.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Update the Assets Discovery app to 6.2.0 or later.

See Also

Plugin Details

Severity: High

ID: 186688

File Name: jira_service_desk_JSDSERVER-14925.nasl

Version: 1.2

Type: local

Agent: windows

Family: Windows

Published: 12/8/2023

Updated: 12/12/2023

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-22523


Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:atlassian:jira_service_desk, cpe:/a:atlassian:jira_service_management, x-cpe:/a:atlassian:assets_discovery

Required KB Items: installed_sw/Jira Assets Discovery

Exploit Ease: No known exploits are available

Patch Publication Date: 12/5/2023

Vulnerability Publication Date: 12/5/2023

Reference Information

CVE: CVE-2023-22523

IAVA: 2023-A-0672