CVE-2024-21682: 
Jira Assets Discovery Data Center vulnerability analysis and mitigation

A high severity Injection vulnerability (CVE-2024-21682) was discovered in Assets Discovery versions 1.0 through 6.2.0. Assets Discovery is a network scanning tool available via Atlassian Marketplace that can be used with or without an agent with Jira Service Management Cloud, Data Center, or Server. The tool is designed to detect hardware and software connected to local networks and extract detailed information about each asset, which can then be imported into Assets in Jira Service Management (Atlassian Security, NVD).

The vulnerability has a CVSS Score of 7.2 (High) with the vector string CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. It allows an authenticated attacker to modify the actions taken by a system call, requiring no user interaction. The vulnerability is classified as an Injection type vulnerability (CWE-94) (Atlassian JIRA).

The vulnerability has high impact on confidentiality, integrity, and availability of the system. When successfully exploited, it allows authenticated attackers to modify system call actions, potentially compromising the security of the affected system (NVD).

Atlassian recommends that Assets Discovery customers upgrade to version 7.0.0 or patch to version 6.2.1. The latest version can be downloaded from the Atlassian Marketplace. There is no need to upgrade the Jira Service Management product itself, only the Assets Discovery application and agents need to be updated (Atlassian Release Notes).