CVE-2024-21682
📋 TL;DR
This high-severity injection vulnerability (CWE-94) in Assets Discovery versions 1.0 through 6.2.0 allows authenticated attackers to modify system call actions, potentially leading to remote code execution. It affects all Assets Discovery deployments integrated with Jira Service Management Cloud, Data Center, or Server. Attackers could compromise the entire system with high impacts on confidentiality, integrity, and availability.
💻 Affected Systems
- Atlassian Assets Discovery
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via remote code execution, allowing attackers to execute arbitrary commands, steal sensitive network asset data, modify system configurations, and disrupt network scanning operations.
Likely Case
Unauthorized access to network asset data, modification of system configurations, and potential lateral movement within the network environment.
If Mitigated
Limited impact with proper network segmentation, strong authentication controls, and monitoring in place, though the vulnerability remains exploitable by authenticated users.
🎯 Exploit Status
Requires authenticated access but no user interaction. Reported via Atlassian's Penetration Testing program, suggesting potential for weaponization.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Assets Discovery 3.2.1 (Cloud) or 6.2.1 (Data Center)
Vendor Advisory: https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html
Restart Required: Yes
Instructions:
1. Download the latest version from the Atlassian Marketplace.
2. Back up the current configuration.
3. Stop the Assets Discovery service.
4. Install the updated version.
5. Restart the service.
6. Verify functionality.
🔧 Temporary Workarounds
Network Segmentation
Restrict network access to Assets Discovery instances to trusted administrative networks only
Authentication Hardening
Implement multi-factor authentication and strong password policies for all Assets Discovery accounts
🧯 If You Can't Patch
- Implement strict network access controls to limit exposure
- Monitor for unusual authentication patterns and system call modifications
🔍 How to Verify
Check if Vulnerable:
Check Assets Discovery version in administration console or configuration files. Versions 1.0 through 6.2.0 are vulnerable.
Check Version:
Check Assets Discovery web interface or consult installation documentation for version verification method.
Verify Fix Applied:
Verify version is 3.2.1 (Cloud) or 6.2.1 (Data Center) or later in administration console.
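The version check above can be scripted across an inventory so that each host is classified against the fixed release for its hosting type. The following is an added example written for this page, not an Atlassian tool; it takes the vulnerable range (1.0 through 6.2.0) and the fixed versions (3.2.1 Cloud, 6.2.1 Data Center) from the advisory, and assumes a hypothetical inventory list of host/hosting/version records that you would fill from your own administration console. Versions that cannot be parsed are reported as unknown rather than silently treated as fixed.

```python
"""Version-range check for CVE-2024-21682 in Atlassian Assets Discovery.

Added illustration, not Atlassian code. Fixed versions are taken from the
advisory; the inventory records below are constructed sample data.
"""
from typing import Dict, List, Tuple

# Per hosting type, the first release that contains the fix (from the advisory).
FIXED_VERSION: Dict[str, Tuple[int, ...]] = {
    "cloud": (3, 2, 1),
    "datacenter": (6, 2, 1),
}
# Earliest version named in the advisory's affected range.
FIRST_VULNERABLE: Tuple[int, ...] = (1, 0, 0)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '6.2.0', '6.2' or '3.2.1-build7' into a comparable tuple of ints.

    Build suffixes after '-' or '+' are dropped; short versions are padded to
    three components so that '6.2' compares equal to '6.2.0'. Anything that is
    not purely numeric raises ValueError so a garbled string is never
    misread as a safe version.
    """
    core = text.strip().split("-", 1)[0].split("+", 1)[0]
    parts = core.split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * max(0, 3 - len(nums))


def is_vulnerable(version: str, hosting: str) -> bool:
    """True if this version sits in [1.0, fixed version) for its hosting type.

    Only 'cloud' and 'datacenter' are mapped, because those are the two fixed
    release lines the advisory names; any other hosting type raises so the
    caller has to decide explicitly rather than get a default answer.
    """
    key = hosting.lower().replace(" ", "").replace("_", "")
    if key not in FIXED_VERSION:
        raise ValueError(f"no fixed version known for hosting type {hosting!r}")
    parsed = parse_version(version)
    return FIRST_VULNERABLE <= parsed < FIXED_VERSION[key]


# Constructed sample inventory (hypothetical hosts), in the shape this script assumes.
SAMPLE_INVENTORY: List[Dict[str, str]] = [
    {"host": "discovery-01.example", "hosting": "Data Center", "version": "6.2.0"},
    {"host": "discovery-02.example", "hosting": "Data Center", "version": "6.2.1"},
    {"host": "cloud-agent.example", "hosting": "Cloud", "version": "3.2.1-build42"},
    {"host": "legacy.example", "hosting": "Cloud", "version": "unknown"},
]


def assess_inventory(inventory: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Classify every record as VULNERABLE, fixed or UNKNOWN (with the reason)."""
    report = []
    for item in inventory:
        try:
            status = "VULNERABLE" if is_vulnerable(item["version"], item["hosting"]) else "fixed"
        except ValueError as exc:
            status = f"UNKNOWN ({exc})"
        report.append((item["host"], status))
    return report


if __name__ == "__main__":
    for host, status in assess_inventory(SAMPLE_INVENTORY):
        print(f"{host:24} {status}")
```

Run it against your own exported inventory; an UNKNOWN row means the version string needs to be read manually, not that the host is safe.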
📡 Detection & Monitoring
Log Indicators:
- Unusual system call patterns
- Authentication from unexpected sources
- Configuration modification attempts
Network Indicators:
- Unexpected outbound connections from Assets Discovery server
- Unusual traffic patterns to/from Assets Discovery ports
SIEM Query:
source="assets_discovery" AND (event_type="system_call" OR event_type="config_change") AND severity=HIGH
🔗 References
- https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html
- https://confluence.atlassian.com/pages/viewpage.action?pageId=1354501606
- https://jira.atlassian.com/browse/JSDSERVER-15067
- https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter&tab=installation