CVE-2023-26256 Information

Description

An unauthenticated path traversal vulnerability affects the \STAGIL Navigation for Jira - Menu & Themes\ plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint it is possible to traverse and read the file system.

Reference

https://github.com/1nters3ct/CVEs/blob/main/CVE-2023-26256.md https://marketplace.atlassian.com/apps/1216090/stagil-navigation-for-jira-menus-themes?tab=overview&hosting=cloud