KEVIntel
CVSS 7.5 High

CVE-2023-26256

PUBLISHED


PoC available · Remote · Low complexity · No user interaction

Vendor: Atlassian
Product: Jira
Published: Feb 28, 2023
EPSS

Description

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.

nuclei_scanner

CVSS scores

CVSS v3.1 7.5 High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitation status

Proof of concept available

Recorded 2023-08-24 01:57:00 UTC · Source

SSVC decision points

Exploitation: poc
Automatable: No
Technical impact: partial

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source: The Shadowserver (via CIRCL) · Added: Jun 01, 2025

Scanner integrations

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

jcad123/CVE-2023-26256

github · Created 2023-09-01 00:10:36 UTC · 3 stars

CVE-2023-26255_POC,CVE-2023-26256_POC

xhs-d/CVE-2023-26256

github · Created 2023-08-28 08:00:16 UTC · 0 stars

CVE-2023-26256_POC

0x7eTeam/CVE-2023-26256

github · Created 2023-08-24 01:57:00 UTC · 31 stars

CVE-2023-26255_POC,CVE-2023-26256_POC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Detected by Nuclei

  • Added to KEVIntel