CVE-2023-26256
Published: 28 February 2023
Summary
CVE-2023-26256 is a high-severity Path Traversal (CWE-22) vulnerability in Stagil Stagil Navigation. Its CVSS base score is 7.5 (High).
Operationally, ranked in the top 0.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
An unauthenticated path traversal vulnerability affects the STAGIL Navigation for Jira - Menu & Themes plugin before version 2.0.52. The flaw, tracked as CWE-22, resides in the snjFooterNavigationConfig endpoint where an attacker can supply a crafted fileName parameter to traverse directories and read arbitrary files from the underlying file system. It carries a CVSS 3.1 score of 7.5 reflecting network-accessible exploitation with no required credentials or user interaction and high impact on confidentiality.
Any remote attacker can exploit the issue without authentication to retrieve sensitive files such as configuration data or application secrets stored on the Jira host. The vulnerability is reachable directly over the network because the affected endpoint does not enforce access controls on the fileName input.
The associated EPSS score has remained consistently high, with a current value of 0.9177 and a recorded peak of 0.9271, indicating sustained exploitation interest following public disclosure. Public references include a proof-of-concept on GitHub and the vendor's Atlassian Marketplace listing, though no additional mitigation details are provided in the available data.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-30080
Vulnerability details
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.