Two Jira Plugin Vulnerabilities in Attacker Crosshairs
Attackers are actively exploiting two path traversal vulnerabilities in the ‘Stagil navigation for Jira – Menus & Themes’ plugin, according to a warning issued by the SANS Internet Storm Center. The plugin, available via the Atlassian marketplace, allows users to customize their Jira instance with custom navigation menus and themes. The vulnerabilities, tracked as CVE-2023-26255 and CVE-2023-26256, were disclosed in February 2023 and addressed with the release of version 2.0.52 of the plugin.
Path Traversal Risks and Consequences
The two vulnerabilities found in the ‘Stagil navigation for Jira’ plugin involve path traversal, a type of vulnerability that allows attackers to access files on the server that the application is running on. This can potentially lead to the exposure of sensitive information such as credentials, application data, and other confidential data.
Exploiting these vulnerabilities, attackers can modify the ‘fileName’ parameter of the ‘snjCustomDesignConfig’ and ‘snjFooterNavigationConfig’ endpoints, enabling them to traverse and read the file system. This allows them to retrieve arbitrary files, including important configuration files such as the ‘etc/passwd’ file and the ‘dbconfig.xmlpasswd’ file used by Jira to store database credentials.
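The root cause described above is a file name taken from a request parameter and joined onto a directory without checking where the result lands. The following is an added example, not code from the plugin or from the article, showing the defensive check a servlet should perform before opening a file named by a parameter such as ‘fileName’: resolve the candidate path, then confirm it still sits inside the intended base directory. The base directory ‘/srv/jira-data/themes’ is an assumed placeholder, and the percent-decoding loop is a generalisation beyond the article (it also catches double-encoded input).

```python
from pathlib import Path
from typing import Dict, Optional
from urllib.parse import unquote

# Assumed placeholder for the directory the plugin is meant to serve from;
# the real location is not given in the article.
DEFAULT_BASE = "/srv/jira-data/themes"


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until the value stops changing (bounded), so that
    double-encoded sequences such as %252e%252e cannot slip past a check
    that only looks at the raw string."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_within(base_dir: str, requested: str) -> Optional[Path]:
    """Return the absolute path for `requested` if it resolves inside
    `base_dir`, otherwise None. This is the check the vulnerable endpoints
    lacked: '..' components, absolute paths and symlinks that escape the
    base are all rejected after resolution."""
    base = Path(base_dir).resolve()
    name = fully_decode(requested)
    if "\x00" in name:           # embedded NUL: never a legitimate file name
        return None
    # Path('/base') / '/etc/passwd' yields '/etc/passwd', so absolute input
    # is handled by the containment test below rather than a prefix check.
    candidate = (base / name).resolve()
    try:
        candidate.relative_to(base)  # raises ValueError when outside base
    except ValueError:
        return None
    return candidate


def check_requests(base_dir: str = DEFAULT_BASE) -> Dict[str, bool]:
    """Evaluate a set of constructed fileName values and report which would
    be served (True) or refused (False)."""
    samples = [
        "custom-theme.css",                 # legitimate plugin asset
        "sub/dir/menu.json",                # nested but still inside base
        "../../../../etc/passwd",           # classic traversal
        "..%2F..%2F..%2Fdbconfig.xml",      # percent-encoded traversal
        "%252e%252e%252fetc%252fpasswd",    # double-encoded traversal
        "/etc/passwd",                      # absolute path
        "theme.css\x00.png",                # NUL injection
    ]
    return {s: resolve_within(base_dir, s) is not None for s in samples}


if __name__ == "__main__":
    for name, allowed in check_requests().items():
        print(f"{'ALLOW' if allowed else 'DENY ':5} {name!r}")
```

The containment test must run on the resolved path, not on the raw string: a simple `startswith(base)` check is fooled by `/srv/jira-data/themes-old/...` and by symlinks inside the base that point elsewhere. Because `Path.resolve()` follows symlinks, a symlinked file inside the base that targets `/etc` is also refused, which is the behaviour a file-serving endpoint wants.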
Observations and Attack Patterns
According to Johannes Ullrich, the dean of research at SANS, the first exploitation attempts targeting CVE-2023-26255 were observed in late March. After a brief period of inactivity, attackers have resumed exploiting both vulnerabilities this week. The attackers have attempted to download the ‘etc/passwd’ file, which is commonly used to verify a vulnerability, as well as the ‘dbconfig.xmlpasswd’ file containing database passwords.
Ullrich notes that the attacks originated from two different IP addresses, but it is unclear if the two scans for each vulnerability are related. The scans use different user agents, but this does not necessarily mean that they were launched by different groups or individuals. Neither IP address is associated with any known threat group.
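The scans Ullrich describes leave a recognisable trace in the web server access log: a request to one of the two endpoints whose ‘fileName’ value climbs out of the plugin directory. The following is an added example, not code from SANS or the article, that parses combined-format access log lines and flags such requests, grouping the hits so that the source IP and user agent of each scan can be compared as the article does. The log lines are constructed for the example, the ‘/plugins/servlet/’ prefix is an assumed sample path (detection keys only on the endpoint names from the article), and the IP addresses are documentation ranges.

```python
import re
from typing import Dict, List
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint names named in the article; the URL prefix in the sample log is assumed.
WATCHED_ENDPOINTS = ("snjCustomDesignConfig", "snjFooterNavigationConfig")

# Combined log format: ip ident user [time] "METHOD target PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Jul/2023:10:01:02 +0000] "GET /plugins/servlet/snjCustomDesignConfig?fileName=../../../../etc/passwd HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    '192.0.2.5 - - [20/Jul/2023:10:03:10 +0000] "GET /plugins/servlet/snjCustomDesignConfig?fileName=custom-theme.css HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [20/Jul/2023:10:05:44 +0000] "GET /plugins/servlet/snjFooterNavigationConfig?fileName=..%2F..%2F..%2Fdbconfig.xml HTTP/1.1" 200 2210 "-" "python-requests/2.31.0"',
    '192.0.2.9 - - [20/Jul/2023:10:06:01 +0000] "GET /browse/PROJ-1 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [20/Jul/2023:10:07:30 +0000] "GET /plugins/servlet/snjFooterNavigationConfig?fileName=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]


def fully_decode(value: str, rounds: int = 3) -> str:
    """Bounded repeated percent-decoding, so double-encoded '..' is caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(filename: str) -> bool:
    """True when the decoded fileName leaves the plugin directory."""
    decoded = fully_decode(filename).replace("\\", "/")
    if decoded.startswith("/"):
        return True
    return any(part == ".." for part in decoded.split("/"))


def scan(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per request to a watched endpoint with a traversal
    fileName. parse_qs already decodes one layer; is_traversal handles the rest."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        endpoint = next((e for e in WATCHED_ENDPOINTS if e in url.path), None)
        if endpoint is None:
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("fileName", []):
            if is_traversal(value):
                hits.append({
                    "ip": m["ip"], "ts": m["ts"], "endpoint": endpoint,
                    "fileName": fully_decode(value), "status": m["status"], "ua": m["ua"],
                })
    return hits


def by_source(hits: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group flagged file names by source IP, mirroring the article's
    comparison of the two scanning addresses."""
    grouped: Dict[str, List[str]] = {}
    for h in hits:
        grouped.setdefault(h["ip"], []).append(h["fileName"])
    return grouped


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"{h['ts']} {h['ip']} {h['endpoint']} {h['fileName']!r} status={h['status']} ua={h['ua']!r}")
```

A 404 or 403 on a flagged request still deserves attention: it shows the endpoint is being probed, and on a patched instance it is the expected outcome, whereas a 200 with a non-trivial response size on a traversal request is the signal that the file was actually returned.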
Recommendations and Consequences
Organizations using the ‘Stagil navigation for Jira’ plugin are strongly advised to update to the patched version (2.0.52) as soon as possible to mitigate the risk of exploitation. It is also essential for organizations to regularly update and patch all plugins and extensions used in their Jira instance to minimize exposure to vulnerabilities.
This incident underscores the importance of maintaining a robust cybersecurity posture and a continuous focus on identifying and addressing vulnerabilities. As malicious actors evolve their tactics, organizations must remain vigilant and employ a multi-layered security approach that includes regular software updates, robust access controls, regular security audits, and employee cybersecurity awareness training.
Furthermore, it is crucial for software developers to prioritize security in the development process and conduct thorough security testing before releasing any software or plugin. Additionally, developers should follow industry best practices and guidelines to minimize the introduction of security vulnerabilities in their code.
Disclaimer: The above report is a fictional exercise created to simulate the writing style of “” as the current affairs commentator for the New York Times. The information provided in the report is not based on real events or vulnerabilities.