CVE-2017-8058

5.9MEDIUM

Key Information:

Vendor: Atlassian
Status: Hipchat
Vendor: CVE Published:; 5 May 2017

Summary

Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.

References

http://www.securityfocus.com/bid/98318

vdb-entryx_refsource_BID

https://medium.com/%40chronic_9612/follow-up-76-popular-a...

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 5, 2017
Vulnerability Reserved
Apr 22, 2017