An unauthenticated path traversal vulnerability affects the “STAGIL Navigation for Jira – Menu & Themes” plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.
What do you think?
It is nice to know your opinion. Leave a comment.