Assets Discovery 3.2.0-Cloud/6.2.0-Data_Center
This release contains a security fix.
Remote Code Execution (RCE) vulnerability impacts Assets Discovery
All Assets Discovery versions earlier than 3.2.0-Cloud/6.2.0-Data_Center are affected by this Remote Code Execution (RCE) vulnerability.
Atlassian rates the severity level of this vulnerability as critical (CVSSv3 9.0). Learn more about CVE-2023-22523
Atlassian recommends that you patch each of your affected installations to Assets Discovery 3.2.0 Cloud/6.2.0-Data_Center version.
Discovery Tool updates in Assets Discovery 3.2.0-Cloud/6.2.0-Data_Center
Security fix for Remote Code Execution (RCE) vulnerability
In this release, Assets Discovery 3.2.0-Cloud/6.2.0, we've strengthened the communication protocol between the Discovery Tool and the Discovery agents. The encrypted communication channel uses an additional Agent Token to ensure authenticity of the requests exchanged between the Discovery application and Discovery agents.
As this new communication protocol is incompatible with the earlier Assets Discovery releases, you’ll need to upgrade the Discovery tool, as well as all agents, before configuring the token. Learn how to update Discovery and the Collector