An attacker with user-level privileges could gain Remote Code Execution via a malicious image upload.
- All versions of HipChat Server before version 2.2.4 are affected by this vulnerability.
We have taken the following steps to address these issues:
- Released HipChat Server version 2.2.4 that contains a fix for the issue.
- Released a patch for customers; information on the patch can be found at https://confluence.atlassian.com/x/EvFMNQ.
For additional details, see the full advisory.