Uploaded image for project: 'HipChat'
  1. HipChat
  2. HCPUB-3473

Remote code execution in HipChat Desktop Mac client via video link parsing

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Highest
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Video
    • Labels:
      None
    • Last commented by user?:
      true
    • Symptom Severity:
      Critical
    • Platform:
      Mac client

      Description

      The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing.

      For additional details, please see the full advisory.

      Affected Versions

      • This issue was introduced in version 4.0 of the Hipchat for Mac desktop client. Versions of Hipchat for Mac desktop client starting with 4.0 before 4.30 are affected by this vulnerability.

      Fix

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                rgallagher@atlassian.com Robbie Gallagher
                Participants:
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Last commented:
                  30 weeks, 4 days ago