High
CVE-2023-26256
PUBLISHED
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By...
Not yet in CISA KEV
- Vendor: Atlassian
- Product: Jira
- Published: Feb 28, 2023
- EPSS: —
Description
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.
Weaknesses (CWE)
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitation Status
Proof of concept available
Recorded 2023-08-24 01:57:00 UTC · GitHub
Known Exploited Vulnerability Sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| The Shadowserver (via CIRCL) First | 2025-06-01 00:00 UTC |
Scanner Integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-26256.yaml | Apr 25, 2025 |
Potential Proof of Concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2023-09-01 00:10:36 UTC · 3 stars
CVE-2023-26255_POC,CVE-2023-26256_POC
github · Created 2023-08-24 01:57:00 UTC · 31 stars
CVE-2023-26255_POC,CVE-2023-26256_POC
nuclei · Created Unknown
Timeline
- Added to KEVIntel
- Detected by Nuclei
- Proof of Concept Exploit Available
- CVE Published to Public
- CVE ID Reserved