{
  "id": "CVE-2022-32567",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-07-07T11:15:12.163",
  "lastModified": "2022-07-14T17:24:24.370",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for Atlassian Jira allows XSS via a crafted project name to the Add Auto Indexing Rule function."
    },
    {
      "lang": "es",
      "value": "La aplicaci\u00f3n Appfire Jira Misc Custom Fields (JMCF) versi\u00f3n 2.4.6, para Atlassian Jira permite un ataque de tipo XSS por medio de un nombre de proyecto dise\u00f1ado para la funci\u00f3n Add Auto Indexing Rule"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "SINGLE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.5
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:appfire:jira_misc_custom_fields:2.4.6:*:*:*:*:jira_data_center:*:*",
              "matchCriteriaId": "12B63822-6F36-4168-94B9-F95F3A2340AB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:appfire:jira_misc_custom_fields:2.4.6:*:*:*:*:jira_server:*:*",
              "matchCriteriaId": "08E09281-B956-421F-8CD0-832A4D04C065"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://marketplace.atlassian.com/apps/27136/jira-misc-custom-fields-jmcf?hosting=server&tab=overview",
      "source": "cve@mitre.org",
      "tags": [
        "Product",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-039.txt",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}