Arbitrary Code Execution Vulnerability in Hipchat Server by Atlassian
CVE-2017-7357

9.1CRITICAL

Key Information:

Vendor
Atlassian
Status
Hipchat Server
Vendor
CVE Published:
14 April 2017

Summary

Hipchat Server prior to version 2.2.3 contains a vulnerability that allows remote authenticated users with Server Administrator privileges to execute arbitrary code by importing specially crafted files. This issue can potentially compromise the integrity of the system and allow unauthorized actions to be performed, emphasizing the importance of immediate patching and security best practices.

References

https://jira.atlassian.com/browse/HCPUB-2903
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/540410/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/97621
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.