HipChat / HCPUB-3526

Remote code execution in HipChat Server and Data Center via SSRF in 'admin' interface - CVE-2017-14585

    Details

    • Symptom Severity:
      Critical
    • Platform:
      HipChat Server

      Description

      A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators.

      For additional details, please see the full advisory.

      Affected Versions

      • Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 and versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected by this vulnerability.

      Fix

              People

              • Assignee:
                Unassigned
                Reporter:
                rgallagher@atlassian.com Robbie Gallagher

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Last commented:
                  28 weeks ago