cbcvebase.
CVE-2023-26255
published 2023-02-28

CVE-2023-26255: An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the…

PriorityP182high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
47.91%
98.7th percentile
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system.

Affected

1 ranges
VendorProductVersion rangeFixed in
stagilstagil_navigation< 2.0.522.0.52

Detection & IOCsextracted from sources · hover to see the quote

othersnjCustomDesignConfig
  • Detect path traversal attempts targeting the snjCustomDesignConfig endpoint by monitoring for directory traversal sequences (e.g., ../) in the fileName parameter of HTTP requests to that endpoint.
  • HTTP 200 response with a header containing the string '$textMime' is indicative of a successful exploitation of the path traversal vulnerability in the STAGIL Navigation for Jira plugin.
  • ·The vulnerability affects versions of the 'STAGIL Navigation for Jira - Menu & Themes' plugin strictly before 2.0.52; versions 2.0.52 and later are not affected.
  • ·The vulnerability is unauthenticated, meaning no credentials are required to exploit it — detection rules should not filter out unauthenticated requests to the snjCustomDesignConfig endpoint.

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.