Uploaded image for project: 'HipChat'
  1. HipChat
  2. HCPUB-3473

Remote code execution in HipChat Desktop Mac client via video link parsing

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Highest
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Video
    • Labels:
      None
    • Symptom Severity:
      Severity 1 - Critical

      Description

      The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing.

      For additional details, please see the full advisory.

      Affected Versions

      • This issue was introduced in version 4.0 of the Hipchat for Mac desktop client. Versions of Hipchat for Mac desktop client starting with 4.0 before 4.30 are affected by this vulnerability.

      Fix

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              rgallagher@atlassian.com Robbie
              Archiver:
              mandreacchio Michael Andreacchio

                Dates

                Created:
                Updated:
                Resolved:
                Archived: