Velocity Template Injection Vulnerability in HipChat for JIRA by Atlassian
CVE-2015-5603

Currently unrated

Key Information:

Vendor

Atlassian
Status
Hipchat
Vendor
CVE Published:
21 September 2015

What is CVE-2015-5603?

The HipChat for JIRA plugin before version 6.30.0 for Atlassian JIRA is susceptible to template injection, which may allow remote authenticated users to execute arbitrary Java code. This vulnerability arises due to insufficient input validation in the plugin's use of the Velocity template engine, enabling attackers to craft requests that can manipulate the execution of the server-side code.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://confluence.atlassian.com/jira/jira-and-hipchat-fo...
x_refsource_CONFIRM
https://www.exploit-db.com/exploits/38905/
exploitx_refsource_EXPLOIT-DB
http://packetstormsecurity.com/files/133401/Jira-HipChat-...
x_refsource_MISC

EPSS Score

82% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.