Uploaded image for project: 'HipChat'
  1. HipChat
  2. HCPUB-3526

Remote code execution in HipChat Server and Data Center via SSRF in 'admin' interface - CVE-2017-14585

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

    XMLWordPrintable

Details

    • Severity 1 - Critical

    Description

      A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators.

      For additional details, please see the full advisory.

      Affected Versions

      • Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 and versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected by this vulnerability.

      Fix

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              rgallagher@atlassian.com Robbie
              Archiver:
              mandreacchio Michael Andreacchio

              Dates

                Created:
                Updated:
                Resolved:
                Archived: