cve/2023/CVE-2023-26255.md

CVE-2023-26255

Description

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system.

POC

Reference

• https://github.com/1nters3ct/CVEs/blob/main/CVE-2023-26255.md

Github

• https://github.com/0x7eTeam/CVE-2023-26256
• https://github.com/Nian-Stars/CVE-2023-26255-6
• https://github.com/aodsec/CVE-2023-26256
• https://github.com/jcad123/CVE-2023-26256
• https://github.com/nomi-sec/PoC-in-GitHub
• https://github.com/tucommenceapousser/CVE-2023-26255-Exp