- Type: Bug
- Status: Closed
- Priority: Highest
- Resolution: Fixed
- Affects Version/s: None
- Fix Version/s: None
- Component/s: HC Platform - HipChat Server
- Labels:
- Symptom Severity: Severity 1 - Critical
An attacker with Server Administrator level privileges could gain Remote Code Execution by importing a malicious file.
This affects customers who have downloaded and installed HipChat Server 1.0 or later, but before version 2.2.3.
Please run the following patch during a maintenance window (it will restart all the services and disconnect all the users):

    # Download the patch file
    cd /home/admin
    wget https://s3.amazonaws.com/hipchat-server-stable/utils/patch-cve-7357.tar.gz

    # Check that the hash of the file matches e078df21acd7a17a41502693a2d7a9b4
    md5sum patch-cve-7357.tar.gz

    # Extract the patch files
    tar xf patch-cve-7357.tar.gz

    # Execute the patch
    cd /home/admin/CVE7357; sudo dont-blame-hipchat -c './fix-cve-7357.sh'

    # The output should end with "Patch applied"
Or upgrade your HipChat Server installations immediately to fix this vulnerability.
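
A pre-flight gate for the patch procedure above, as an added example that is not part of the original advisory: it stops unless the installed version falls inside the stated affected range and the downloaded tarball matches the published MD5. The function names and the convention of passing the installed version as an argument are assumptions; the advisory does not say how to query the version.

```shell
#!/bin/sh
# Added example: pre-flight gate for the patch procedure in the advisory.
# Assumption: the operator supplies the installed version string; the
# advisory does not say how to query it.

PATCH_MD5="e078df21acd7a17a41502693a2d7a9b4"   # value published in the advisory

# True when version $1 sorts strictly before $2 (GNU sort -V, so 2.2.10 > 2.2.3).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Affected range from the advisory: 1.0 or later, but before 2.2.3.
is_affected() {
    ! version_lt "$1" "1.0" && version_lt "$1" "2.2.3"
}

# Returns 0 on match, 1 on mismatch, 2 if the file is missing.
verify_md5() {
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 2; }
    actual=$(md5sum "$1" | awk '{print $1}')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ] && return 0
    echo "MD5 mismatch for $1: got $actual, want $expected" >&2
    return 1
}

# preflight VERSION TARBALL: succeed only when the patch applies and is intact.
preflight() {
    if ! is_affected "$1"; then
        echo "version $1 is outside the affected range; nothing to patch" >&2
        return 3
    fi
    verify_md5 "$2" "$PATCH_MD5" || return $?
    echo "preflight ok: extract and run the patch as described"
}

# Run only when called with arguments, e.g.:
#   sh preflight.sh 2.1.0 patch-cve-7357.tar.gz
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

A non-zero exit means the tarball should not be extracted or executed; re-download it and check again.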