CVE-2023-26255
published 2023-02-28CVE-2023-26255: An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the…
PriorityP182high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
47.91%
98.7th percentile
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| stagil | stagil_navigation | < 2.0.52 | 2.0.52 |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect path traversal attempts targeting the snjCustomDesignConfig endpoint by monitoring for directory traversal sequences (e.g., ../) in the fileName parameter of HTTP requests to that endpoint. ↗
- →HTTP 200 response with a header containing the string '$textMime' is indicative of a successful exploitation of the path traversal vulnerability in the STAGIL Navigation for Jira plugin.
- ·The vulnerability affects versions of the 'STAGIL Navigation for Jira - Menu & Themes' plugin strictly before 2.0.52; versions 2.0.52 and later are not affected. ↗
- ·The vulnerability is unauthenticated, meaning no credentials are required to exploit it — detection rules should not filter out unauthenticated requests to the snjCustomDesignConfig endpoint. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5gh3-4wwv-vgpw: An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2
ghsa_unreviewed·2023-02-28
CVE-2023-26255 [HIGH] CWE-22 GHSA-5gh3-4wwv-vgpw: An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system.
VulnCheck
stagil stagil_navigation Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck·2023·CVSS 7.5
CVE-2023-26255 [HIGH] stagil stagil_navigation Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
stagil stagil_navigation Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system.
Affected: stagil stagil_navigation
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://isc.sans.edu/diary/rss/30038; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-04&host_type=src&vulnerability=cve-2023-26255; https://dashboard.shadowserver.org/statis
No detection rules found.
Nuclei
STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion
nuclei·CVSS 7.5
CVE-2023-26255 [HIGH] STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion
STAGIL Navigation for Jira Menu & Themes "
- type: word
part: header
words:
- '$textMime'
- type: status
status:
- 200
# digest: 490a0046304402205068b92c657a2a70283ea7c2983e3cca0841adb92f9311a6813ed19afeb3b99d02205873b0a85baac71ca8e877ab39e800f5d88854a2904b1c08bfc76621a5eeca1c:922c64590222798bb761d5b6d8e72950
https://github.com/1nters3ct/CVEs/blob/main/CVE-2023-26255.mdhttps://marketplace.atlassian.com/apps/1216090/stagil-navigation-for-jira-menus-themes?tab=overview&hosting=cloudhttps://github.com/1nters3ct/CVEs/blob/main/CVE-2023-26255.mdhttps://marketplace.atlassian.com/apps/1216090/stagil-navigation-for-jira-menus-themes?tab=overview&hosting=cloud
2023-02-28
Published
Exploited in the wild