Velocity Template Injection Vulnerability in HipChat for JIRA by Atlassian
CVE-2015-5603

Currently unrated

Key Information:

Vendor
Atlassian
Status
Hipchat
Vendor
CVE Published:
21 September 2015

Summary

The HipChat for JIRA plugin before version 6.30.0 for Atlassian JIRA is susceptible to template injection, which may allow remote authenticated users to execute arbitrary Java code. This vulnerability arises due to insufficient input validation in the plugin's use of the Velocity template engine, enabling attackers to craft requests that can manipulate the execution of the server-side code.

References

https://confluence.atlassian.com/jira/jira-and-hipchat-fo...
x_refsource_CONFIRM
https://www.exploit-db.com/exploits/38905/
exploitx_refsource_EXPLOIT-DB
http://packetstormsecurity.com/files/133401/Jira-HipChat-...
x_refsource_MISC

EPSS Score

83% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.