{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-36662", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-12-03T18:50:55.380Z", "dateReserved": "2023-06-25T00:00:00", "datePublished": "2023-06-26T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-06-26T00:00:00"}, "descriptions": [{"lang": "en", "value": "The TechTime User Management components for Atlassian products allow stored XSS on the Bulk User Actions page. This affects User Management for Jira 2.0.0 through 2.17.1, User Management for Confluence 2.0.0 through 2.15.24, and User Management for Bitbucket 2.2.2 through 2.15.24."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://techtime.co.nz/display/TECHTIME/Security+Vulnerability+Affecting+User+Management"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:52:54.370Z"}, "title": "CVE Program Container", "references": [{"url": "https://techtime.co.nz/display/TECHTIME/Security+Vulnerability+Affecting+User+Management", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-03T18:50:41.620054Z", "id": "CVE-2023-36662", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-03T18:50:55.380Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://techtime.co.nz/display/TECHTIME/Security+Vulnerability+Affecting+User+Management", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:52:54.370Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-36662", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-03T18:50:41.620054Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-03T18:50:50.684Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://techtime.co.nz/display/TECHTIME/Security+Vulnerability+Affecting+User+Management"}], "descriptions": [{"lang": "en", "value": "The TechTime User Management components for Atlassian products allow stored XSS on the Bulk User Actions page. This affects User Management for Jira 2.0.0 through 2.17.1, User Management for Confluence 2.0.0 through 2.15.24, and User Management for Bitbucket 2.2.2 through 2.15.24."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-06-26T00:00:00"}}}, "cveMetadata": {"cveId": "CVE-2023-36662", "state": "PUBLISHED", "dateUpdated": "2024-12-03T18:50:55.380Z", "dateReserved": "2023-06-25T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-06-26T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:techtime:user_management:*:*:*:*:*:confluence:*:*", "matchCriteriaId": "EDAB4E04-2ABF-4353-8CF7-25F790F28D68", "versionEndIncluding": "2.15.24", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:techtime:user_management:*:*:*:*:*:jira:*:*", "matchCriteriaId": "6516573A-D029-48B8-9D32-36AFFAAF70ED", "versionEndIncluding": "2.17.1", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:techtime:user_management:*:*:*:*:*:bitbucket:*:*", "matchCriteriaId": "7BFE3E31-0974-485B-AD3D-C89782F0E975", "versionEndIncluding": "2.15.24", "versionStartIncluding": "2.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The TechTime User Management components for Atlassian products allow stored XSS on the Bulk User Actions page. This affects User Management for Jira 2.0.0 through 2.17.1, User Management for Confluence 2.0.0 through 2.15.24, and User Management for Bitbucket 2.2.2 through 2.15.24."}], "id": "CVE-2023-36662", "lastModified": "2024-11-21T08:10:15.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-26T01:15:09.110", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://techtime.co.nz/display/TECHTIME/Security+Vulnerability+Affecting+User+Management"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://techtime.co.nz/display/TECHTIME/Security+Vulnerability+Affecting+User+Management"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}