codeclou has published a bugfix release, app version 2.13.1, for the Data Center and Server versions of Customfield Editor for Jira.
Please make sure you secure your Jira installations by following the steps described in the Atlassian FAQ for CVE-2022-0540.
In short: update Jira and the codeclou apps to the following versions to be protected from CVE-2022-0540:
The threat to Customfield Editor for Jira is very limited, because our REST API, which is not affected by the bug, has additional authentication checks in place. In the Customfield Editor for Jira app, the WebWork pages neither accept user input nor provide any data server-side. They simply serve "blank" pages for the frontend (React) to hook into and call the REST API. So even if someone were able to view a WebWork admin page, they would see only a blank page, because the REST API is secured independently.
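The layering described above, as an added illustration rather than the app's own source: a JAX-RS resource that performs its own administrator check server-side, so that reaching a WebWork admin page alone yields no data. The class name, path and helper method are assumed; the Jira API calls are the standard ones from the Jira Server/Data Center SDK.

```java
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.permission.GlobalPermissionKey;
import com.atlassian.jira.security.GlobalPermissionManager;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.user.ApplicationUser;

// Hypothetical admin resource: the React page only renders a blank shell and calls this.
// Every request is authorised here, independently of any WebWork action-level check,
// so the REST layer never trusts the fact that a UI page was reachable.
@Path("/admin/customfields")
public class CustomfieldAdminResource {

    private final JiraAuthenticationContext authContext = ComponentAccessor.getJiraAuthenticationContext();
    private final GlobalPermissionManager permissionManager = ComponentAccessor.getGlobalPermissionManager();

    @GET
    @Produces(MediaType.APPLICATION_JSON)
    public Response listCustomfields() {
        Response denied = requireJiraAdministrator();
        if (denied != null) {
            return denied;
        }
        // Build and return the real payload only after the check has passed
        // (placeholder body; the real resource would query its own data here).
        return Response.ok("{\"fields\":[]}").build();
    }

    /** Returns null when the caller is an authenticated Jira administrator, otherwise a 401 or 403 response. */
    private Response requireJiraAdministrator() {
        ApplicationUser user = authContext.getLoggedInUser();
        if (user == null) {
            // Anonymous callers get 401, regardless of how they reached the UI page.
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
        if (!permissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, user)) {
            // Logged in but not a Jira administrator: refuse with 403.
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        return null;
    }
}
```

When auditing an app for this class of issue, look for REST resources that return data without such a check and rely solely on the WebWork action's permission configuration.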
The threat to Jira itself might be a lot higher; please contact Atlassian Support in that regard.
We have analyzed all our apps for potential threats regarding CVE-2022-0540. codeclou provides an app update for the affected apps. Please update Jira and all your apps to be protected from CVE-2022-0540.