Assets Discovery 3.2.0-Cloud/6.2.0-Data_Center

This release contains a security fix.

Remote Code Execution (RCE) vulnerability impacts Assets Discovery

All Assets Discovery versions earlier than 3.2.0-Cloud/6.2.0-Data_Center are affected by this Remote Code Execution (RCE) vulnerability. 

Atlassian rates the severity level of this vulnerability as critical (CVSSv3 9.0). Learn more about CVE-2023-22523

Atlassian recommends that you patch each of your affected installations to Assets Discovery 3.2.0 Cloud/6.2.0-Data_Center version.

Discovery Tool updates in Assets Discovery 3.2.0-Cloud/6.2.0-Data_Center

Security fix for Remote Code Execution (RCE) vulnerability

In this release, Assets Discovery 3.2.0-Cloud/6.2.0, we've strengthened the communication protocol between the Discovery Tool and the Discovery agents. The encrypted communication channel uses an additional Agent Token to ensure authenticity of the requests exchanged between the Discovery application and Discovery agents. 

As this new communication protocol is incompatible with the earlier Assets Discovery releases, you’ll need to upgrade the Discovery tool, as well as all agents, before configuring the token. Learn how to update Discovery and the Collector

解決済みの課題

T キー 要約 ステータス
Loading...
Refresh


最終更新日: 2023 年 12 月 6 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.