Loading...

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: None
Affects Version/s: None
Component/s: Data Center, HC Platform - HipChat Server
Labels:

Symptom Severity:
Severity 1 - Critical

Description

A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators.

For additional details, please see the full advisory.

Affected Versions

Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 and versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected by this vulnerability.

Fix

HipChat Server version 2.2.6 is available to download from https://confluence.atlassian.com/hc/deploying-hipchat-server-609944387.html.
HipChat Data Center version 3.1.0 is available to download from https://www.atlassian.com/software/hipchat/enterprise/data-center#download.

Attachments

Issue Links

mentioned in: Page Loading...; Page Loading...

relates to: SECENG-559 Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Robbie (Inactive)

Archiver:: Michael Andreacchio

Dates

Created:: 06/Oct/2017 9:28 PM

Updated:: 13/Nov/2019 11:47 PM

Resolved:: 21/Nov/2017 5:08 PM

Archived:: 16/Jun/2020 5:19 AM