Lucene search
HistoryFeb 28, 2023 - 4:15 p.m.
CVE-2023-26255
unauthenticated
path traversal
stagil navigation
jira
plugin
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.277
Percentile
96.9%
An unauthenticated path traversal vulnerability affects the “STAGIL Navigation for Jira - Menu & Themes” plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system.
Affected configurations
Node
stagilstagil_navigationRange<2.0.52jira
| Vendor | Product | Version | CPE |
|---|---|---|---|
| stagil | stagil_navigation | * | cpe:2.3:a:stagil:stagil_navigation:*:*:*:*:*:jira:*:* |
Related
nuclei
nuclei
STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion
2023-03-16 12:25:17
cve
cve
CVE-2023-26255
2023-02-28 16:15:09
cvelist
cvelist
CVE-2023-26255
2023-02-28 00:00:00
prion
prion
Path traversal
2023-02-28 16:15:00
nessus
nessus
githubexploit
githubexploit
Exploit for Path Traversal in Stagil Stagil Navigation
2023-08-30 23:57:10
Exploit for Path Traversal in Stagil Stagil Navigation
2023-08-25 21:56:48
Exploit for Path Traversal in Stagil Stagil Navigation
2023-09-01 00:10:36
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.277
Percentile
96.9%
Related for NVD:CVE-2023-26255