Alessandro Fondaccio

**Name of the Vulnerable Software and Affected Versions** STAGIL Navigation for Jira - Menu & Themes plugin versions prior to 2.0.52 for Jira **Description** An unauthenticated path traversal issue affects the plugin. By modifying the `fileName` parameter to the "snjCustomDesignConfig" endpoint, it is possible to traverse and read the file system. **Recommendations** For versions prior to 2.0.52, update to version 2.0.52 or later to resolve the issue. As a temporary workaround, consider restricting access to the "snjCustomDesignConfig" endpoint until a patch is available. Avoid using the `fileName` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** STAGIL Navigation for Jira - Menu & Themes plugin versions prior to 2.0.52 for Jira **Description** The issue is an unauthenticated path traversal vulnerability. It affects the ability to access and read the file system by modifying the `fileName` parameter to the "snjFooterNavigationConfig" endpoint. **Recommendations** For versions prior to 2.0.52, update to version 2.0.52 or later to resolve the issue. As a temporary workaround, consider restricting access to the "snjFooterNavigationConfig" endpoint to minimize the risk of exploitation. Avoid using the `fileName` parameter in the affected endpoint until the issue is resolved.