Unauthenticated Path Traversal Vulnerability in STAGIL Navigation for Jira - Menu & Themes Plugin

CVE-2023-26256 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.

Learn more about our Web Application Penetration Testing UK.