Lucene search

[email protected]CVE-2023-26256

HistoryFeb 28, 2023 - 4:15 p.m.

CVE-2023-26256

2023-02-2816:15:09

CWE-22

[email protected]

web.nvd.nist.gov

cve-2023-26256

unauthenticated access

stagil navigation for jira

menu & themes

path traversal

vulnerability

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.2%

JSON

An unauthenticated path traversal vulnerability affects the “STAGIL Navigation for Jira - Menu & Themes” plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.

Affected configurations

NVD

Node

stagilstagil_navigationRange<2.0.52jira

CPENameOperatorVersion
stagil:stagil_navigationstagil stagil navigationlt2.0.52

CPE	Name	Operator	Version
stagil:stagil_navigation	stagil stagil navigation	lt	2.0.52

References

github.com/1nters3ct/CVEs/blob/main/CVE-2023-26256.md

marketplace.atlassian.com/apps/1216090/stagil-navigation-for-jira-menus-themes?tab=overview&hosting=cloud

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.2%

JSON

Related for CVE-2023-26256

cvelist1 prion1 nuclei1 nvd1 nessus1 githubexploit5