Remote Code Execution Vulnerability in Atlassian Hipchat Server
CVE-2017-8080

8.8HIGH

Key Information:

Vendor
Atlassian
Status
Hipchat Server
Vendor
CVE Published:
5 May 2017

Summary

Atlassian Hipchat Server versions before 2.2.4 possess a vulnerability that allows remote authenticated users, with user-level privileges, to execute arbitrary code. This is made possible through certain vectors associated with image uploads, potentially leading to unauthorized access and manipulation of server data. It is crucial for users to upgrade to the latest version to mitigate these security risks. For detailed information, refer to the security advisory provided by Atlassian.

References

http://www.securityfocus.com/bid/98262
vdb-entryx_refsource_BID
https://confluence.atlassian.com/hc/hipchat-server-securi...
x_refsource_CONFIRM
https://jira.atlassian.com/browse/HCPUB-2980
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.