Loading...

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: HCS 2.2.2
Affects Version/s: None
Component/s: Other
Labels:

Symptom Severity:
Severity 1 - Critical

Description

Description

HipChat Server has a version of the Apache Struts2 that is vulnerable to remote network attackers who can potentially execute code on vulnerable versions of HipChat Server to:

Execute remote code of their choice
Make http requests to local and internal services

To exploit this issue, attackers need to have network access to a HipChat Server instance.

Affected versions
All versions of HipChat Server before version 2.2.2 are affected by this vulnerability.

Fix

We have taken the following steps to address these issues:

Released a patch for customers.
Released HipChat Server version 2.2.2 that contains a fix for the issue.

For additional details see the full advisory.

Attachments

Issue Links

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...

relates to: HOT-67889 Loading...; CHAT-335 Loading...; CHAT-334 Loading...

(2 relates to)

Activity

People

Assignee:: Unassigned

Reporter:: Alek Amrani (Inactive)

Archiver:: Michael Andreacchio

Dates

Created:: 09/Mar/2017 9:22 PM

Updated:: 30/Aug/2017 6:15 AM

Resolved:: 10/Mar/2017 8:58 PM

Archived:: 16/Jun/2020 5:19 AM