A Server-Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators.
For additional details, please see the full advisory.
- Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 and versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected by this vulnerability.
- HipChat Server version 2.2.6 is available to download from https://confluence.atlassian.com/hc/deploying-hipchat-server-609944387.html.
- HipChat Data Center version 3.1.0 is available to download from https://www.atlassian.com/software/hipchat/enterprise/data-center#download.