-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Highest
-
None
-
Affects Version/s: None
-
Component/s: Website
-
Severity 1 - Critical
Description
An attacker with user level privileges could gain Remote Code Execution via a malicious image upload.
Affected versions
- All versions of HipChat Server before version 2.2.4 are affected by this vulnerability.
Fix
We have taken the following steps to address these issues:
- Released HipChat Server version 2.2.4 that contains a fix for the issue.
- Released a patch for customers, information on the patch can be found at https://confluence.atlassian.com/x/EvFMNQ.
For additional details see the full advisory.