Loading...

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: None
Affects Version/s: None
Component/s: Website
Labels:

Symptom Severity:
Severity 1 - Critical

Description

Description

An attacker with user level privileges could gain Remote Code Execution via a malicious image upload.

Affected versions

All versions of HipChat Server before version 2.2.4 are affected by this vulnerability.

Fix

We have taken the following steps to address these issues:

Released HipChat Server version 2.2.4 that contains a fix for the issue.
Released a patch for customers, information on the patch can be found at https://confluence.atlassian.com/x/EvFMNQ.

For additional details see the full advisory.

Attachments

Issue Links

mentioned in: Page Loading...; Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Matt Hart (Inactive)

Archiver:: Michael Andreacchio

Dates

Created:: 24/Apr/2017 2:22 AM

Updated:: 13/Nov/2019 11:46 PM

Resolved:: 24/Apr/2017 2:28 AM

Archived:: 16/Jun/2020 5:19 AM