Bug
Resolution: Fixed
Highest
Severity 1 - Critical
An attacker with Server Administrator level privileges could gain Remote Code Execution via a malicious file importation.
This affects customers who have downloaded and installed HipChat Server 1.0 or later, but before version 2.2.3.
Please run the following patch during a maintenance window (it will restart all the services and disconnect all the users):
```
# Download the patch file
cd /home/admin
wget https://s3.amazonaws.com/hipchat-server-stable/utils/patch-cve-7357.tar.gz

# Check that the hash of the file matches e078df21acd7a17a41502693a2d7a9b4
md5sum patch-cve-7357.tar.gz

# Extract the patch files
tar xf patch-cve-7357.tar.gz

# Execute the patch
cd /home/admin/CVE7357; sudo dont-blame-hipchat -c './fix-cve-7357.sh'

# The output should end with "Patch applied"
```
Alternatively, upgrade your HipChat Server installations immediately to fix this vulnerability.
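
A fail-closed form of the download check in the patch procedure above, as an added example that is not part of the advisory or Atlassian's patch: it aborts on a digest mismatch instead of relying on a visual comparison, and confirms the expected script is present before anything is run with sudo. The function name `stage_patch` and its return codes are hypothetical; MD5 is used only because it is the digest the advisory publishes.

```bash
#!/usr/bin/env bash
# Added example (not Atlassian's script): stage the patch archive fail-closed.
# The CVE7357/ directory and fix-cve-7357.sh names come from the advisory;
# stage_patch and its return codes are hypothetical.
#
# Usage: stage_patch ARCHIVE EXPECTED_MD5 DEST
# Returns 0 staged, 1 digest mismatch, 2 unreadable archive,
#         3 unsafe member name, 4 expected patch script missing.
stage_patch() {
    local archive=$1 expected=$2 dest=$3 actual listing

    [ -f "$archive" ] || { echo "no such archive: $archive" >&2; return 2; }

    # md5sum prints "<digest>  <file>"; compare lower-cased digests only.
    actual=$(md5sum "$archive" | awk '{print $1}')
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "MD5 mismatch: want $expected, got $actual" >&2
        return 1
    fi

    # Refuse archives whose listing shows absolute or ".." member names,
    # since the patch script is later run via sudo from the extracted tree.
    listing=$(tar tf "$archive" 2>/dev/null) || return 2
    if printf '%s\n' "$listing" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member name in $archive" >&2
        return 3
    fi

    mkdir -p "$dest" && tar xf "$archive" -C "$dest" || return 2

    # The advisory runs ./fix-cve-7357.sh from the CVE7357 directory.
    [ -f "$dest/CVE7357/fix-cve-7357.sh" ] || {
        echo "fix-cve-7357.sh not found under $dest/CVE7357" >&2
        return 4
    }
    echo "verified and staged: $dest/CVE7357/fix-cve-7357.sh"
}

# When invoked with three arguments, stage the archive and exit with the result.
if [ "$#" -eq 3 ]; then
    stage_patch "$@"
fi
```

Only after `stage_patch` returns 0 should the advisory's `sudo dont-blame-hipchat -c './fix-cve-7357.sh'` step be run from the staged directory.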