nessus
JIRA_CVE-2023-26256.NBIN
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
History: Oct 23, 2023 - 12:00 a.m.

Jira Server/Data Center STAGIL Navigation plugin Path Traversal CVE-2023-26256

2023-10-23 00:00:00
www.tenable.com
jira server stagil path traversal cve-2023-26256 scanner binary

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.021 Low
Percentile: 89.2%

The Atlassian JIRA application running on the remote host has plugins enabled. It is, therefore, potentially affected by an unauthenticated path traversal vulnerability affecting the ‘STAGIL Navigation for Jira - Menu & Themes’ plugin before 2.0.52. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system. (CVE-2023-26256)

Binary data: jira_CVE-2023-26256.nbin

Vendor     Product            Version  CPE
atlassian  jira                        cpe:/a:atlassian:jira
stagil     stagil_navigation           cpe:/a:stagil:stagil_navigation
